Infrastructure as Code (IaC) is a powerful mechanism to manage your infrastructure, but with great power comes great responsibility. If your IaC files have security problems (for example, a misconfigured permission because of a typo), this will be propagated along your CI/CD pipeline until it is hopefully discovered at runtime, where most of the security issues are scanned or found. What if you can fix potential security issues in your infrastructure at the source?

CVE-2022-39063 is a vulnerability in the Open5GS project, an open source implementation of 5G components. The Synopsys Cybersecurity Research Center (CyRC) has exposed a denial-of-service vulnerability in Open5GS. Open5GS is an open source project that provides LTE and 5G mobile packet core network functionalities with an AGPLv3 or commercial license. It can be used to build private LTE/5G telecom networks by individuals or telecom network operators.

For many years, the U.S. government was hesitant about moving data and applications to the public cloud. Concerns around security were prevalent. Today, cloud has become a central proposition of IT spend in government institutions. With the government urging federal agencies to move to the cloud for its agility, scalability, and cost efficiency, those agencies need access to FedRAMP®-authorized vendors.

We’ve seen major shifts in the digital landscape that have far reaching implications on organizations around the world. These include the widespread adoption of hybrid work, the accelerated migration from on-premise to cloud resources, and the exponential increase of data in the cloud.

SMTP Injection vulnerabilities are often misunderstood by developers and security professionals, and missed by static analysis products. This blog will discuss how common SMTP Injection vulnerabilities can exist in libraries and applications, and provide tips for finding and remediating them quickly.

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets. The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine.

‍ NIST Special Publication 800-171 (NIST SP 800-171 or NIST 800-171) is a set of security controls within the NIST Cybersecurity Framework that establishes baseline security standards for federal government organizations. NIST SP 800-171 is mandatory for all non-government organizations operating with federal information systems.

Cyber VRM is the practice of identifying, assessing, and remediating the cybersecurity risks of third-party vendors. This involves combining objective, quantifiable data sources like security ratings and data leak detection with subjective qualitative data sources like security questionnaires and other security evidence to get a complete view of your third-party vendors’ security posture. A Cyber VRM solution facilitates this practice.

As we move further into 2022, the world of web application testing is changing. We are seeing new challenges and opportunities as businesses become more reliant on online applications. In this blog post, we will discuss the latest trends in web application testing and how you can prepare your business for the future.