On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.

If 2020 taught us anything, it’s to expect the unexpected. While there don’t seem to be enough words to cover the changes that we all did our best to adjust to, we are more than happy to give you our rundown of the top 10 open source vulnerabilities in 2020.

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

On Tuesday 8th December in an unprecedented move leading cybersecurity provider FireEye admitted they had been breached and several of their red team tools and scripts had been stolen. In this blog we look at the list of vulnerabilities in these tools and how to protect your organization.

With a CVSS score of 10, Zerologon is a privilege escalation vulnerability that can be used to spoof domain controller accounts and hijack domains.

2020 will always be remembered as the year our lives changed dramatically due to the Coivd-19 pandemic. Here our panel of security experts look back at the lessons learned in the past 12 months and share their predictions for the key security challenges organizations will face in 2021.

This week Synopsys released the “DevSecOps Practices and Open Source Management in 2020” report, findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management, as well as the problem of outdated or abandoned open source components in commercial code.

Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. A good vulnerability management policy should contain the following.

On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE – CVE-2020-14882. Again in November, Oracle released an out-of-band security patch to fix a related RCE for Oracle Fusion Middleware. These vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of these vulnerabilities and will alert you if you are running a vulnerable version of Oracle WebLogic Server.