Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Product Update: Address Net Model for Address Verification

Complex address systems and its verification have continued to be a big riddle for technology companies. Currently address verification is done manually by matching the address mentioned in the identity document with the address filled in any kind of application form filled by the customer.

SuiteCRM: PHAR deserialization vulnerability to code execution

SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.

Weekly Cyber Security News 07/05/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. With images of all the best spy movies out there, you just can’t help enjoy this one. While its not possible to control the driving of the car, flinging the car doors open at speed might have an interesting effect on the occupants (and allow our spy to gain access of course while swinging from the drone).

What is FIPS 140-3? The Critical Updates You Must Be Aware Of

FIPS 140-3 is the long-awaited update to FIPS 104-2 which was established on May 25, 2001. This updated validation process is finally capable of addressing the cryptographic modules that have evolved since 2001. This validation process includes testing with respect to certain standards or protocols and then the issuing of an official certificate from NIST (National Institute of Standards and Technology) confirming compliance with FIPS 140-3.

What is inherent risk? Your sensitive data could be In danger

Inherent risks are the cyber risks and vulnerabilities within an organization before security measures are implemented. In contrast, residual risk is calculated after cybersecurity protections have been put in place to protect against all of these inherent risks; its calculation includes every possible attack vector that could affect a system or data.

4 Reasons Cloud-Native Organizations Benefit from Cloud-Native Logging and SIEM

For cloud-native organizations — those begun in the past decade or so — obtaining critical services from other cloud-native companies makes sense. After all, the whole point of being cloud native is to avoid physical infrastructure wherever possible. You want to focus on your business, not managing the systems and infrastructures that support it. That strategy applies to your logging and security information and event management (SIEM) solution, as well.

Password security tips and best practices for enterprises

In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts.

What is an attack vector? Assess your attack surface and how to avoid cyber attacks.

Attack vectors are defined as the means or paths by which hackers gain access to computers remotely with malicious intentions such as delivering payloads or carrying out other harmful activities. Some common ones are malware, social engineering, phishing and remote exploits.

Snyk Code is now available for free

Snyk’s mission is to empower developers and DevOps teams to secure their applications. As part of that security mission, Snyk offers a Free plan for Snyk Open Source, Snyk Container, and Snyk Infrastructure as Code, so all developers can code securely. Today, we’re excited to announce that Snyk Code is now available for free as well.