Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

indusface

How do Compliance Regulations Drive Application Security?

Sep 27, 2024 By Vinugayathri Chinnasamy In Indusface
A zero-day flaw in MOVEit software exposed the data of 66.4 million individuals, revealing businesses are increasingly vulnerable to cyberattacks. Applications, which manage sensitive data, are prime targets for these threats. Compliance regulations recognize the risks and establish guidelines aimed at ensuring applications meet data protection, privacy, and overall security. PCI DSS v4.0 for example introduces 64 new requirements including strict security measures to protect public-facing applications.
Read Post

17 Best Cloud WAAP & WAF Software in 2024

Sep 26, 2024 By Indusface In Indusface
WAAP encompasses a comprehensive suite of tools, technologies, and practices that detect, prevent, and mitigate attacks, such as cross-site scripting (XSS), SQL injection, and API abuse. By implementing a robust WAAP, organizations can fortify their applications and APIs, safeguard sensitive data, and uphold the trust of their users in an ever-evolving threat landscape. Examine the functionality and effectiveness of the leading WAAP & WAF software, along with their key features, reviews, ratings, and insights into who they are best suited for.
View Video
indusface

CVE-2024-8190 - OS Command Injection in Ivanti CSA

Sep 24, 2024 By Pavithra Hanchagaiah In Indusface
A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.
Read Post
indusface

Top 8 Vulnerability Management Challenges and How to Overcome Them

Sep 13, 2024 By Vinugayathri Chinnasamy In Indusface
The State of Application Security report shows that over 2.37 billion attacks were blocked on AppTrana WAAP from April 1, 2024, to June 30, 2024. Attacks targeting vulnerabilities surged by 1,200% in Q2 2024 compared to last year, an alarming fact. This sharp rise highlights that vulnerabilities are the prime target. Moreover, they are now easily exploitable thanks to readily available scripts on known vulnerabilities. This could be because of rapid adoption of AI and LLM models even among hackers.
Read Post
indusface

CVE-2024-8517 - Unauthenticated Remote Code Execution in SPIP

Sep 13, 2024 By Pavithra Hanchagaiah In Indusface
A critical security flaw has been discovered in SPIP, a popular open-source content management system (CMS). This flaw, identified as CVE-2024-8517, stems from a command injection issue in the BigUp plugin. The vulnerability allows attackers to execute arbitrary OS commands remotely and without authentication, simply by sending a malicious multipart file upload HTTP request. This blog will explore the details of this vulnerability, its potential impacts, and the essential steps for mitigation.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.