ServiceNow recently patched critical vulnerabilities (CVE-2024-4879, CVE-2024-5178, CVE-2024-5217) that allow remote code execution and sensitive file reads. Exploits involve server-side template injection using Apache Jelly. Traceable has deployed protection mechanisms to safeguard against these threats.

APIs are essential for modern web applications, but they also introduce significant security challenges. Even large enterprises can fall prey to simple API vulnerabilities, as demonstrated by Traceable's discovery of a critical security flaw in Honeywell’s BEDQ system. This incident underscores the importance of robust API security measures.

In today's connected world, automobiles are complex systems driven by APIs, but this brings risks; Traceable ASPEN's latest research highlights urgent automotive security needs by analyzing recent vulnerabilities, including real-time vehicle tracking and data breaches.

Researchers have identified a critical remote code execution vulnerability in PHP, known as CVE-2024-4577. This flaw, affecting PHP installations on Windows, exploits a Unicode processing oversight, allowing attackers to inject arbitrary command-line arguments. With a CVSS score of 9.8, it poses a severe threat to server security. Read on to understand the vulnerability, its impact, and essential protective measures.

Mobile device management systems (MDMs) are a staple in any large enterprise IT toolkit. When your organization has a large number of employees, it’s important to keep a catalog of all devices that have access to the corporate network.

Many consumers are big fans of smart appliances and toys for their ease of use and integration into their smart home setups. However, whenever you can remotely access your smart device, there is always a chance that someone else can too if the manufacturer has not implemented proper security measures. One such incident has caused a wave of media coverage recently - a connected/smart laundry system created by CSC ServiceWorks could be tricked into giving free laundry cycles.

CVE-2024-3400 targets Palo Alto GlobalProtect, allowing attackers to write arbitrary files and execute system commands. Upgrade PAN-OS immediately and learn best practices for preventing future exploits.

Traceable launches Traceable ASPEN, a specialized research team dedicated to revolutionizing API security. Discover how Traceable ASPEN is tackling API sprawl, vulnerability discovery, and threat intelligence. Meet our expert team of security professionals, including OWASP project leaders and industry researchers. Stay ahead of the API security curve with Traceable ASPEN's groundbreaking research and insights.

Critical SSO Vulnerability Exposed in Fortune 500 Application. Researchers discovered a flaw in Single Sign-On implementation that could have compromised millions of user records. Learn about SSO security risks, essential fixes, and how to protect your APIs from similar attacks.