Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

What Are Risk Assessment Methodologies?

Risk is inescapable. However careful your company might be, it cannot experience growth without accepting a certain amount of risk. The key to a successful risk management program is to prepare for risk as thoroughly and efficiently as possible. This includes regular risk assessments to understand which risks should be prioritized and how best to prevent any potential losses.

Emerging Risk Management Trends You Need to Know

With every passing day, businesses become more entwined in an ecosystem of partners, vendors, and suppliers in global markets. A local natural disaster, for example, can have far-reaching consequences throughout a global supply chain; so controlling, recognizing, and mitigating risks is critical to a company’s business continuity and financial stability.

PCI Scope: What Is it & Best Practices

E-commerce is a huge commercial realm, with some 2.14 billion digital buyers worldwide by the end of 2021. At the heart of e-commerce is the ability to keep payment card data secure during online transactions, and at the heart of payment card security is PCI compliance. Technically PCI compliance is not required by law, but it has been considered mandatory in court rulings, and credit card companies require it for merchants to process online transactions.

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Last Thursday, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Glide to JFrog DevSecOps with the New Experience

We’re excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line shell and IDE that you use every day.

Apache Log4j Vulnerability CVE-2021-44228 - How to discover and minimize your exposure

On Thursday, December 9, a zero-day vulnerability CVE-2021-44228 (a.k.a. Log4Shell, LogJam, and Log4j) was made public. This vulnerability impacts Apache Log4j versions 2.0-beta9 to 2.14.1, and it has the highest possible CVSS score of 10.0. As of today, it is widely regarded as one of the most dangerous and widespread vulnerabilities to date.

New test added for actively exploited critical CVE-2021-44228 Apache Log4j RCE

Thanks to Detectify Crowdsource hackers, Detectify quickly developed a security test to detect Critical vulnerability CVE-2021-44228 Apache log4j RCE. This vulnerability has set the internet alight over the past few days. Right now, exploit developers and security researchers are still understanding the potential capabilities provided by the vulnerability. Detectify received a working POC for this critical 0-day vulnerability from the Crowdsource community on Friday.

CVE-2021-44228: Log4J2 Remote Code Execution

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified, (Dubbed “Log4Shell” by researchers), affecting massive amounts of servers all over the world. As this vulnerability gains high traction worldwide, it’s important to note, that not only internet facing java applications are vulnerable, as user input can traverse to another non-internet facing machines and exploit these as well.