Just recently, our open-source fuzzing engine Jazzer found an Expression DoS vulnerability in Spring (CVE-2023-20861). Now, three weeks later, Jazzer found another similar Expression DoS in the Spring framework, labeled CVE-2023-20863. This new finding has an even higher CVSS score of 7.5 (high), compared to the previous finding which came in at 5.3 (medium).

With a surplus of software security testing solutions on the market, identifying the right SCA solution has never been more important. In today’s world, there is an increasingly large number of software security tools and testing solutions available with a range of capabilities, including software composition analysis (SCA), for managing open source risks.

Nexx is a home security company that specializes in internet-connected security devices such as alarms, garage door openers, cameras, plugs, and more. The company works to make homes safer and to help with home automation goals. Unfortunately, it appears that Nexx products are vulnerable to some major security issues, and it doesn't appear that the company is actively working to fix the issues.

Password security plays a fundamental role in Identity and Access Management (IAM). The easiest way for cybercriminals to breach an enterprise network is to obtain a set of legitimate login credentials. This allows them to bypass firewalls, intrusion detection systems and other technical security solutions. Once inside, they can remain undetected for extended periods of time.

When researching which managed detection and response (MDR) service provider to partner with, security professionals would do well to consider whether the provider also has experience with threat hunting, a topic we covered in a previous post. As with MDR, however, threat hunting offerings can vary dramatically, and an innovative, human-led form promises significant gains in terms of cyber protection: advanced continual threat hunting.

The use of Amazon Web Services (AWS) in organizations around the world is prolific. The platform accounted for 31% of total cloud infrastructure services spend in Q2 2022, growing by 33% annually. Despite its widespread use, many organizations still fail to consider the nuances of incident response in AWS.

The attack surface is bigger than ever before, and it’s only going to keep growing. As the hybrid work model puts endpoints in employee homes, IoT devices grow in number and complexity, and the very definition of endpoint itself evolves, the task of seeing into and securing all endpoints in an organization’s environment has grown into a colossal task for already overworked and overtaxed IT teams.

ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.