JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304.

In today’s highly interconnected worlds, CISOs face a dual challenge: protecting data and reporting to the Board of Directors. Log management has long been a tool in the CISO’s back pocket, helping gain insight into potential security issues. However, the rise of cloud-based infrastructures changes this, making log management increasingly difficult.

Many organizations allow their corporate devices to be shared by different employees, or hand them out to teams or departments on a rotating basis. Healthcare providers, logistics companies, retailers, and schools often deploy mobile devices that are shared to ease the device management process, cut down on inventory costs, solve issues arising from workspace changes, and efficiently manage contract employees and students.

Dealing with the massive architecture of client-server networks requires effective security measures. Everyone has become painfully aware of all dangerous fishes roaming around the pool of the network, trying to get access to the system. Having a weak password policy is a key vector for attackers to gain system access. However, admins can help protect password security of the wide-reaching network using Group Management Policy (GPO).

The 1Password Security team is a crew of wonderful characters responsible for security, privacy, and compliance. We have three very high-level objectives: to keep customer data safe, to keep company/employee data safe, and to keep the product safe.

Solvo is empowering developers and DevOps engineers by enabling them to run their cloud infrastructure with least privilege access, at speed and scale. In this article, we’ll go through a workflow combining Solvo’s automatic platform with Snyk Infrastructure as Code (Snyk IaC) to create customized and secured access from a Lambda function to an AWS S3 bucket. This blog was originally posted on the Solvo website.

Today’s business landscape means having various business partners. From contractors to technology vendors, third parties are now part of everyone’s daily operations. However, with every new third-party you onboard, you also add a new risk. Supply chain attacks compromise your data, even if the third-party isn’t providing you a technology solution. To secure your data, you need to identify and classify high-risk third parties.

Software and Data Integrity Failures is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks.

Server-Side Request Forgery is #10 in the current OWASP Top Ten Most Critical Web Application Security Risks.