HTTP Response Splitting entails a kind of attack in which an attacker can fiddle with response headers that will be interpreted by the client. The attack is simple: an attacker passes malicious data to a vulnerable application, and the application includes the malicious data in the single HTTP response, thus leading a way to set arbitrary headers and embedding data according to the whims and wishes of the attacker.

Enterprise data systems are like busy family households. You see a constant flow of activity to varying degrees from room to room. This activity includes people wandering, opening and closing doors. And then there are other streams constantly flowing through the household- electricity, water, Wi-Fi networks and more. In modern enterprises, the data deluge is a critical issue. While we take the complexity for granted in a household, such is not allowed in a connected enterprise.

The average company can’t do business without their third parties. Vendors, suppliers, partners, distributors, and contractors — third parties make it so much simpler to build, distribute and sell a product or service.

Managing the risks of your software supply chain requires more than a basic understanding of the software components that make up your applications. My wife and I have four children, which means we’ve done a ton of shopping at Costco over the years. First it was diapers, then cereal, then every other kind of food, all of which provided significant savings for our family of six.

A few days ago, Snyk reported on a new type of threat vector in the open source community: protestware. The advisory was about a transitive vulnerability — peacenotwar — in node-ipc that impacted the supply chain of a great deal of developers. Snyk uses various intel threat feeds and algorithms to monitor chatter on potential threats to open source, and we believe this may just be the tip of a protestware iceberg.

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.

This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control. CM-6, Configuration Settings, was determined to provide the most Protection Value with a score of 208.86.

Given Russia's reputation for highly-sophisticated cyberattacks, the country's invasion of Ukraine has sparked justified fears of an imminent global cyberwar. While, for the time being, Putin’s cyber efforts against Ukraine are surprisingly restrained, this may not be the case for other countries.

A joint Cybersecurity Advisory (CSA) was issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently warning organizations about a Russian state-sponsored cyber-attack. The cyber actors ran arbitrary code using system privileges by exploiting a Windows Print Spooler vulnerability, “PrintNightmare.”

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools were particularly prevalent in that nine-month period, having grown 10% over the previous year after having already climbed 666% compared to 2019.