Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the dynamic sphere of digital security, facial recognition technology stands at the forefront, playing a pivotal role in authentication, identification, and verification processes. Advanced software solutions, including facial recognition programs, face identification software, and facial recognition AI, are revolutionizing online security paradigms. This comprehensive exploration aims to delve deep into the fundamental elements that define efficient online facial recognition software.

EPSS is a relatively recent addition to the world of freely available security scoring systems. While it’s not without its flaws and limitations, EPSS can be a powerful predictor of exploits to come and a useful tool in your arsenal, as long as you wield it correctly.

ID badges are a two-edged sword, providing security and convenience on one hand, but risking exposure of sensitive data on the other.

A fresh entrant, “Exodus,” has recently emerged on the dark web scene, positioning itself to potentially become one of the key players in the info stealer logs marketplaces. Launched in January 2024, it quickly began to draw attention by mid-February on several dark web forums for its potential to become a significant player, alongside established names like Russian Market and 2easy Shop.

The thriving online marketplace holds boundless opportunities for businesses and consumers. But lurking beneath the surface of convenient digital transactions is a persistent threat: ecommerce fraud. Consider the unsuspecting customer who stumbles upon what looks like your online store, snags a coveted deal, and enters their payment details—only to find out later that a fraudster has stolen their financial data from a spoofed website.

There are times where being unusual is a good thing - unconventional thinking can lead to innovation in industry, science and culture, enabling everyone from businesses to artists to stand out from the pack. The Splunk App for Behavioral Profiling (SABP) helps users tackle the other kind of unusual - the bad kind.

The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke Darande or "Predatory Sparrow" in Persian, is linked to Israel and has taken responsibility for the disruption of gasoline pumps throughout Iran on December 18, 2023. Gonjeshke Darande’s (Predatory Sparrow) Telegram channel statement claiming an attack against Iranian gas pumps. In many instances, statements and claims of this nature often prove to be unsubstantiated.

A week before my 15th birthday in September 2023, and quite coincidentally in time for my favorite phone's 15th iteration (cough cough, parents, hint hint), AT&T along with AST-Science successfully made a call. Well, in the 21st century that’s not very “Mr. Watson, come here. I want to see you.”, but this call was on another level, or as one could say, out of this world!

On December 20, 2023, NIST updated a CVE to reflect a new path traversal vulnerability in struts-core. This is CVE-2023-50164, also listed on the Snyk Vulnerability database, with 9.8 critical severity CVSS. If you’ve been doing cybersecurity long enough, you remember the 2017 Equifax breach, which also took place due to an unpatched Struts vulnerability. In this post, I outline the issue, discuss its severity, walk you through a proof-of-concept exploit, and provide remediation advice.

In this first in a series of articles looking at how to remediate common flaws using Veracode Fix – Veracode’s AI security remediation assistant, we will look at finding and fixing one of the most common and persistent flaw types – an SQL injection attack. An SQL injection attack is a malicious exploit where an attacker injects unauthorized SQL code into input fields of a web application, aiming to manipulate the application's database.