During a recent customer engagement, we encountered an interesting situation. The customer had raised concerns about a Java XXE (XML External Entity) vulnerability that had left their developers puzzled. Notably, their Static Application Security Testing (SAST) scans consistently identified this as a potential vulnerability.

As Cybersecurity Awareness Month winds down and you prepare for Halloween festivities like trick-or-treating and pumpkin carving, don't forget to protect against real-world monsters: artificial intelligence-driven cyber threats. Here are a few steps that may help ward off such threats like garlic protects against Dracula: Taking precautionary steps against them may keep the real monsters at bay!

Over the past decade, ThreatQuotient has dedicated itself to the task of transforming obscure digital threat data into actionable intelligence. Throughout this period, we’ve earned the trust of our partners and customers, forging strong relationships with each of them. Each team we’ve encountered in the field has brought unique insights, skill sets, perspectives, and ideas, significantly influencing our approach and perception of the ever-evolving threat landscape.

This month's release rollup includes product updates and enhancements from Egnyte such as the introduction of the Egnyte Document Room, E2E Connector, and Co-editable links for Google files. Below is a summary of these and other new releases. Visit the linked articles for more details. ‍ Featured Platform Enhancements and Releases Egnyte Document Room: The Egnyte Document Room is a secure hub for sharing sensitive information.

In terms of financial and reputational impact, a data breach is one of the most serious security challenges an organisation can experience. Kroll’s 2021 Data Breach Outlook report states that the pattern of data attacks becoming broader and deeper during the pandemic has continued, even during the recovery phase. With the volume of data breaches continuing to increase, it is essential that organisations take steps to prepare their incident response before they are affected by a breach.

NjRAT (also known as Bladabindi) malware is a Remote Access Trojan (RAT) that was first discovered in 2012. This malware strain has persisted in the threat landscape up to the present day, most recently earning notoriety for its active campaigns against agencies and organizations located in the Middle East and North Africa. Upon successful infiltration into a target host or system, NjRAT can allow the attacker to remotely access and exercise control over the compromised system.

We close out Cybersecurity Awareness Month for 2023 with a few final points that show that a company's security is a team sport, one in which everyone must participate. As noted in Trustwave SpiderLabs recent report, 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations.

Learn how to enhance secrets manager security with GitGuardian Honeytoken. Strengthen your system's security and protect your critical assets effectively.

In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy. Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.

Over 75% of all cybercrimes primarily target web applications and their vulnerabilities. Attackers focus on exploiting weaknesses such as design flaws, vulnerabilities in APIs, open-source code, third-party widget issues, and access control problems. A recent study predicts that all this cybercrime will cost a massive $5.2 trillion by 2024 across all industries. How do you protect your web application from all the risks out there? Here is a go-to web app security checklist to get started.