Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Apple's Vulnerability

Apple has issued an emergency software update after a cyber-surveillance company created invasive spyware that could infect any iPhone, iPad, Apple Watch, or Mac Computer. Toronto-based internet watchdog security group Citizen Lab said that NSO, the surveillance company which is an Israeli spyware company, developed the tool with a technique that could easily exploit Apple software.

Supply Chain Security Update: How Secure is Composer?

When it comes to PHP, composer is without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: Packagist servers.

Missing Critical Vulnerabilities Through Narrow Scoping

The typical process when scoping a penetration test is to get a list of targets from the client, which are typically a list of IP addresses and/or hostnames. But where does this information come from, and how accurate is it? Chances are the client has documentation that lists the devices they think they have, and what addresses or names they have been assigned. This documentation will form the basis of the scope when conducting testing or scanning against a target environment.

What is a Network Vulnerability Assessment?

A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results.

A guide to OWASP's secure coding

Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.

Detect and prevent dependency confusion attacks on npm to maintain supply chain security

On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

Tips for Patching Security Vulnerabilities

Given the countless cyber threats facing organizations these days, security has become one of the most pressing issues on the executive mind. Yet when we talk about cybersecurity, we rarely focus on security vulnerabilities and how patching those vulnerabilities is crucial for a cybersecurity program. So what is vulnerability patching, exactly? A vulnerability is a flaw that cybercriminals can exploit to gain unauthorized access or to perform unauthorized actions on a computer system.

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites and used by many leading companies.