CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to prevent bots or spam attacks from accessing a webpage. Traditionally users were tasked with typing text from a simple image, but over time CAPTCHA has evolved into more complex images and voice recognition in response to the increasing sophistication of attacks.
Fuzzing can be dangerous. After all, you’re trying to break things. In fuzzing, you deliver deliberately malformed inputs to software to see if the software fails. If it does, you’ve located a vulnerability and can go back to the code and fix it. It’s an excellent, proactive method for software development organizations to fix security weaknesses. And it should be no surprise that fuzzing is also the preferred method for attackers who want to locate zero-day vulnerabilities.
It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk is gaining speed, executives are exposed to threats from unexpected directions and involving new weak points.
Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.
Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.
XML External Entities (XXE or XML injection) is #4 in the current OWASP Top Ten Most Critical Web Application Security Risks.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.
Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year increase.
Life sciences teams are more decentralized than ever, yet the need for speed persists. Even before the pandemic, the ability to bring together quality, clinical, and regulatory personnel to hit project timelines is what separated successful projects from those that languished. The pandemic added another barrier to an already complex venture.
Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.
