The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.

Containerization is now an important tool for businesses that want to make their apps scalable and efficient. A lot of people use Kubernetes because it can easily manage containers in many different environments. It is the best open-source platform for handling containerized workloads and services. But Kubernetes systems can be hard to manage and keep an eye on because they are spread out and have changing workloads.

Elastic Security Labs discovers that threat actors are taking advantage of readily available abused security tools and misconfigured environments. Elastic Security Labs has released the 2024 Elastic Global Threat Report, surfacing the most pressing threats, trends, and recommendations to help keep organizations safe for the upcoming year. Threat actors are finding success from the use of offensive security tools (OSTs), a misconfiguration of cloud environments, and a growing emphasis on Credential Access.

Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.

We are thrilled to announce that, thanks to your support and trust, Veracode has been recognized as a Customers' Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for the fifth consecutive year! We believe this distinction is not just a testament to our solutions and services but, more importantly, a reflection of the strong partnerships we have formed with each of you.

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication. The OTP Agency launched back in November of 2019. Their service was simple: if you have a compromised credential, their service would call the credential owner and pose as the website the account was for citing fraudulent activity, and ask the owner to verify themselves by providing the one-time password (OTP) sent to them via SMS.

Network security is no longer a luxury but a necessity in the world that is going digital, and Network based Intrusion Detection Systems (NIDS) have become one of the major parts of securing your system. NIDS is like a loyal watchdog that keeps looking into the traffic across the network. But what are the cybersecurity basics behind network intrusion detection? At its core, you need to understand that Network-based Intrusion Detection Systems monitors incoming and outgoing network traffic in real time.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when detached from the full product. A steering wheel without a car is not exactly an efficient mode of transportation.