No patches have been issued for 35 of 55 security vulnerabilities impacting the popular open-source caching and forwarding proxy Squid that were identified two years ago, according to SecurityWeek.
Attackers could leverage many of the flaws to trigger crashes, while some could prompt arbitrary code execution against more than 2.5 million internet-exposed Squid proxy instances, said security researcher Joshua Rogers, who discovered and reported the bugs. With the Squid Team's lack of resources hindering the release of security patches, organizations using the proxy have been urged by Rogers to examine their implementations.
"With any system or project, it is important to regularly review solutions used in your stack to determine whether they are still appropriate. If you are running Squid in an environment which may suffer from any of these issues, then it is up to you to reassess whether Squid is the right solution for your system," said Rogers.
Several new features have been added by DevOps security firm Cycode to its application security posture management platform led by the inclusion of generative artificial intelligence into its Risk Intelligence Graph, reports SiliconAngle.
Incident response firm BreachQuest has been purchased for an undisclosed amount by cyber risk management provider Resilience to facilitate more efficient cyber incident response efforts, SiliconAngle reports.