Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Fixing CRLF Injection Logging Issues in Python

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We’ll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.

Top Three Devo Cybersecurity Predictions for 2021

For any organization that felt prepared, with their operations well-planned as they headed into 2020, that feeling disappeared quickly. 2020 became the year of the unexpected, forcing organizations to adapt, repeatedly. Looking ahead to 2021, companies of all types and sizes are working to be as prepared, agile, and adaptable as possible. This is certainly true when it comes to building or restructuring an organization’s cybersecurity posture.

Things to consider when choosing a software composition analysis tool

The rise of open source software is not without risks for today’s applications. Use a software composition analysis tool to mitigate these risks. Gartner, in its “Market Guide for Software Composition Analysis,” details the need to make software composition analysis (SCA) part of your application security testing tool suite. We discussed the what and why in a recent blog post; today let’s discuss the how.

The 2020 Must-Know Security Breach Statistics

Security breaches are becoming increasingly commonplace and dangerous. The World Economic Forum nominated cyber-attacks as one of the major threats to global stability for 2019. Not only money is at stake, as breaches have an appalling effect on organizations’ reputation, trustworthiness, and often prove to a business killer. Most important, however, is the data – our personal data that once stolen is available to cybercriminals to exploit.

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk of a potential attack is there.

IT security under attack: Why are group memberships so crucial?

Security groups either make or break your IT security. Group memberships are responsible for administrative access in your your network and define access to other privileged resources and data on your domain. Ever wondered how a simple misconfiguration of a group membership could lead to a security incident? This blog elaborates the most common misconfiguration or security loopholes that can cause damage to the sensitive data in your network.

Weekly Cyber Security News 18/12/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24 What an interesting week. I’m going to skip the issues over SolarWind breach and go for the usual non-sensationalist articles. The first, and one I so welcome along with many out there I’m sure is the final, and I mean final end of Flash. Yay.

Helpful Answers to Your SASE-est Questions

If you joined us for Netskope’s SASE Week, you’ll know that we covered quite a bit of ground with our talks and programming. For a relatively new concept, there’s still so much potential to explore and discuss that we could probably talk about it for much longer than just a week. Netskope customers, large and small, are seeing the cost and business benefits of moving to a cloud-native control point, with the security posture and risk management tools they need.