A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Complex features require a little more care and understanding. If unsure I would advise disabling them and looking at the documentation – that is assuming such features have correct documentation!.

In cybersecurity, an attack vector is a method of gaining unauthorized access to a private network. These pathways are either unintentional, such as vulnerabilities in third-party software, or intentionally designed by hackers, such as malicious software (malware). Cybercriminals primarily exploit attack vectors to advance extorsion tactics, the most popular being the deployment of ransomware.

During a web shell attack, a cybercriminal injects a malicious file into a target web server's directory and then executes that file from their web browser. After launching a successful web shell attack, cybercriminals could gain access to sensitive resources, recruit the target system into a botnet, or create pathways for malware or ransomware injections. If you haven't implemented defense strategies against this cyber threat, your systems are at a high risk of exploitation.

It doesn’t seem that long ago that I wrote about the OWASP Top 10 changes that came in 2017. OWASP has announced the release for the new 2021 Top 10. Find out more about Broken Access Control and Cryptographic Failure vulnerabilities and understand what it means for application development and DevSecOps

Nightfall has added remediation actions for Google Drive violations, so you can fix the issue automatically or with just a click. Nightfall for Google Drive is one of our most popular integrations, helping customers to discover and classify sensitive data across Google Drive. Once sensitive data violations are found to exist in Google Drive, you want to take steps to protect the data – because removing the risk is really the point, isn’t it?

Customers using Microsoft SQL Server tend to grow horizontally in terms of the number of databases. For recent versions of SQL Server, the max number of databases you can have on a single instance is 32,767 and it is common to see customers push that limit. At Rubrik, we have run into several customers who approach 10,000 databases on a single host. As SQL Server accelerates the push into the enterprise segment, one needs to address the problem of managing and protecting these servers at scale.

Do you want to archive old emails now? We’ve all seen the prompt and many of us choose to consign thousands of emails to an uncertain fate, protected (somewhere) in case we should ever need to cover our arses in some future argument. But this paints a very limited and negative picture of the importance and indeed relevance of archives. Today archives are associated with rearward-facing research, often seeking to uncover a truth long after alternative facts have taken hold.

The Open Web Application Security Project (OWASP) is a not-for-profit organisation that aims, through community-led open-source projects, to improve the security of web-based software. OWASP develop and manage a public framework that documents the top 10 risks to application security, the OWASP Top 10. It provides developers and security professionals with the industry’s consensus on the most significant risks to web applications and recommends security controls to mitigate them.

Our team of penetration testers arguably have the most interesting and exciting roles within the business, or perhaps, in the world. From robbing banks to breaking and entering, pen testing isn’t your typical desk job. So we’ve asked them to share some of their most interesting stories to really give you career envy! Let’s see what we can find out about a day in the life of a pen tester.

Network traffic analysis is the routine task of various job roles, such as network administrator, network defenders, incident responders and others. Wireshark plays a vital role during the traffic analysis; it comes pre-installed in many Linux OS’s, for instance, Kali. otherwise, it is available to download from the official website. This article covers the traffic analysis of the most common network protocols, for example, ICMP, ARP, HTTPS, TCP, etc.