Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Top 5 Security Testing Types with Tools & Examples

Technology has shaped the world magnificently and has become a driving force for businesses and organisations. From academia to big enterprises, everyone is enjoying the perks of technological advancement in the form of applications, IoT devices, online shopping and businesses, portals, etc. including amateur to non-technical people, everyone now utilises some form of a networked-enabled communication system such as email, social media, etc.

What is the Difference Between Vulnerability Assessment and Penetration Testing?

A vulnerability assessment is the process of identifying IT security weaknesses in your network, operating systems, firewalls, and hardware, and then taking steps to fix them. Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the efficacy of cybersecurity controls. Both are essential components of a comprehensive vulnerability management and network security protocol.

7 Internet of Things Threats and Risks to Be Aware of

The internet of things (IoT) is a highly developed space that is home to a vast amount of sensitive data, making it a very attractive target for cybercriminals. Threats and risks continue to evolve as hackers come up with new ways to breach unsecured systems -- posing a threat to the ecosystem itself. Let’s take a look at the leading threats and risks to the IoT and the associated vulnerabilities that must be secured.

How to run your CodeXM checker

In part two of our series on writing checkers with CodeXM, we explore how to run your CodeXM checker with Coverity using a command line interface. In the last post, we discussed how to write a simple checker using CodeXM. But writing the checker is not our final purpose; our target is to use that checker on our own business code. In this post, we look at how to run your CodeXM checker with Coverity® using a command line interface.

INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.

Are vulnerability scan reports dangerous?

Vulnerability scan reports are requested from a wide variety of people or entities for many different reasons. Historically a report meant a static snapshot of the scan data. Some company stakeholders may want an executive overview of the current vulnerabilities present in their environment. In contrast, others may want additional data points such as trending to reflect how well they have made progress in remediating previous vulnerability scans detected.

Mapping the Attack Surface for Insurance Applications

As insurance organizations look to attract and engage customers, the growing use of web applications has increased their cyber exposure and the risks of cyberattacks. In this benchmark study, we analyzed the attack surface of the top 10 insurers in Europe to highlight the common attack vectors and security weaknesses that could be exploited – from page creation method to vulnerable components – and our top tips for reducing web application security risks.

Announcing Social Trends: Use social media for security intelligence

We are excited to announce the availability of Social Trends, adding social media intelligence (SOCMINT) to Snyk’s vulnerability data to help development and security teams prioritize vulnerabilities more effectively. Given the size of vulnerability backlogs facing organizations today, finding and fixing security vulnerabilities in a timely manner is a monumental task. There simply are not enough hands on deck to triage and tackle all the vulnerabilities on the list.

Common web vulnerabilities every hacker and developer should know

Web applications and hosted software make up the largest attack surface for modern tech organizations. The most common web vulnerabilities being exploited go beyond the OWASP Top 10 list. At Detectify, we work in close collaboration with an invite-only community called Detectify Crowdsource to get the latest vulnerability research into the hands of security defenders. Besides knowing the vulnerabilities, you need the know how on how to mitigate them.

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.