Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Preparing for PCI DSS 4.0: what you need to know

The PCI DSS is a minimum set of requirements designed to help organisations protect customer cardholder data, minimise fraud, plus prevent, detect and respond to cyber-attacks. All organisations that accept and/or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management. Version 3.2 of the PCI DSS was introduced in 2016.

What's in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload

During a recent bug hunting binge I discovered my first two vulnerabilities that could be exploited to achieve remote code execution (RCE). No bragging rights were earned though, because finding and exploiting these issues was incredibly straightforward. I’m not humble bragging here (I wish). In fact, the issue underlying both vulnerabilities, which each affect a different content management system (CMS), is very basic and was literally the second thing I checked for.

Protecting remote endpoints

Although businesses have been tasked with addressing a number of remote assets associated with off-site resources such as a sales force that’s often mobile, the number of remote endpoints has grown exponentially. The laptops and mobile devices needed to facilitate working from home full-time for a large percentage of their workers given recent global events has exploded.

OWASP Top 10 Application Security Risks (With Examples & Recommendations)

OWASP stands for The Open Web Application Security Project. It is a non-profit foundation that works to improve application security for software. Through community-led projects globally, it is a great source for tools, resources, education & training for developers and technologists to secure the web and mobile applications. Read our article to learn more about the OWASP top 10 vulnerabilities with examples.

Common Nginx misconfigurations that leave your web server open to attack

Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them. Nginx is one of the most commonly used web servers on the Internet due to it being lightweight, modular, and having a user-friendly configuration format.

In the Financial Services Industry, 74% of Apps Have Security Flaws

Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.

The Federal Office Has a New Look: Here's How to Keep it Secure

A Government Business Council report from September of this year found 63% of federal employees are fully remote, with many expecting to remain that way for at least the next six months. In this new reality, mobile devices have become a critical lifeline. But the mobile phones and tablets that keep us efficient and effective also open our organizations up to new risks against which existing security does not defend.

Attackers vs. Hackers - Two *Very* Different Animals

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity. One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms which are treated as interchangeable. They’re not.

CloudFabrix announces Observability-in-a-Box with Edge AI Capabilities to simplify and accelerate AIOps deployments

CloudFabrix is enhancing its AIOps platform with native Observability and AI at the edge capabilities to bridge the gap between Observability and AIOps solutions. Enterprises are struggling with unifying multitude of expensive monitoring deployments as well as gaps in observability, specifically for modern application architectures that include usage of microservices, containers and Kubernetes.

Protecting PHI in Slack: Nightfall adds DLP (and value) to Perry Health

Pan Chaudhury created Perry Health in 2017 to streamline healthcare delivery. He and his co-founders envisioned a digital health tool to assist healthcare providers in managing chronic conditions like diabetes and hypertension by coordinating care and communication. Perry Health supports better healthcare outcomes by monitoring and engaging with patients when they’re not in the doctor’s office.