Vulns Unleashed: Dompdf
During this live stream, we explored the vulnerability known as Dompdf. We looked at what DomPDF is, how DomPDF makes your applications vulnerable, and most importantly what you can do to protect yourself.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Security
Introducing the Ransomware Content Browser
Splunk SURGe recently released a whitepaper, blog and video that outline the encryption speeds of 10 different ransomware families. The outcome of this research was that it is unlikely that a defender will be able to do anything once the encryption has started. Ransomware today is also mostly “human-operated” where many systems are sought out and compromised before any encryption activities occur and, once they do, the encryption is just too fast to meaningfully affect the damage done.
GDPR ARTICLE 14: Where did you get my personal data?
Articles 13 and 14 of the GDPR state that information must be provided where personal data has been obtained directly from a data subject, or where personal data has not been collected directly from the data subject, respectively.
6 Ways to Manage Regulatory Risk in Cybersecurity
Keeping up with ever-changing regulatory requirements for cybersecurity can prove difficult for many organizations, which may unknowingly become non-compliant if they fail to adapt to new laws and regulations. Healthcare organizations and financial services must be even more vigilant with compliance. Both sectors are subject to even stricter requirements due to the large quantities of personally identifiable information (PII) they manage.
Black Hat USA 2022: Key Highlights
Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd – after the seemingly endless pandemic hiatus, the cyber industry had come out in force. The mood was one of enthusiasm, and the entire place reverberated with the vibrancy of reunion. It was a great event for the industry – and for HelpSystems – and a few things stuck out.
Financial Services Organizations Have Fewer Security Flaws in Applications
According to our most recent State of Software Security Report, the financial services industry has fewer security flaws in its applications than last year. Great news, right? That said, the reduction in security flaws isn’t as significant as we would hope to see. The financial services industry has traditionally been recognized for having the least amount of security flaws.
The 443 Podcast Episode 206 - 2022 Black Hat and Def Con Recap
This week on the podcast we review our time at this year's Black Hat and Def Con cybersecurity conferences in Las Vegas. We'll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
Email and cybersecurity: Fraudsters are knocking
Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for “about a month before it becomes a problem”. Can you imagine that now? A month without email?
Rubrik and GraphQL - Episode 3 - GraphQL Mutations
Mutations within GraphQL are simply queries that modify or change data within the target platform. In this episode, we will cover some of the various mutations available within the Rubrik GraphQL schema, and show you how they can be used to insert, update, or delete data.
Code repository scanning & Container image registry scanning with Kubescape
New exciting Kubescape features have recently landed - Code repository scanning & Container image registry scanning! By enhancing Kubescape's security posture capabilities, you will be able to embed security even earlier in the SDLC (Software Development Lifecycle) and in a broader range of places in your CI/CD pipeline.