On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Regardless of how last year went, a few things probably come to mind that you’d like to leave in 2022. Maybe it’s a bad habit you’d like to drop or a mindset you’d like to change. But speaking of ditching bad habits, some poor cloud application security practices shouldn’t carry over to 2023 either!

Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. The ability to easily package and deploy code has changed the way that organizations work with applications. But like with Windows servers years ago, or AWS today, any time one specific technology gains a significant portion of the market share, it becomes a target for attackers.

All it takes for cybercriminals to breach your mission-critical networks, database, and IT systems is a single unpatched vulnerability. To prevent this and maintain good cyber hygiene, you need to obtain real-time vulnerability data. ‍ Vulnerability scans generate a lot of data that when analyzed reveal several security flaws.

Sliver’s growing popularity as an open-source C2 framework, Emotet’s comeback and new evasion techniques, and how Chinese hackers exploited a Fortinet flaw using a 0-Day.

The OWASP API Top 10 is a list of common vulnerabilities found in APIs. OWASP created it as a resource for developers, testers, and security professionals to help them understand how to protect against API threats. Many people think that APIs are just another type of web application, but they're not; they have their own set of risks and challenges that need to be addressed. A simple API call can result in a data breach that could have lasting consequences for your business.

Learn about CVE-2022-23846, a denial-of-service-vulnerability affecting GTP libraries found in Open5GS.

Python is a popular and powerful programming language that is often used for building web applications, data analysis, and automation. One of the key challenges in such projects is ensuring the security of network communication, which can be vulnerable to various threats such as man-in-the-middle attacks and eavesdropping. Fortunately, Python offers a range of libraries for encrypting and securing network communication.

I recently finished writing my debugging book and a debugging course. And as a result, I frequently get asked about my favorite debugging features. Debugging is much more than the IDE debugger. In fact, only the first chapter in the book deals with that aspect. But when we think about debugging, tour mind gravitates to the IDE. However, there are still many nooks and crannies to discover inside these amazing tools. The core reason for this is simple — we never learned to debug.