Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As digital threats evolve, safeguarding sensitive data has become more important than ever, especially for businesses using removable storage devices like USB drives. While these external devices boost productivity, they also increase the risk of data breaches if not properly managed. Unprotected peripheral ports serve as unguarded entry points for data thieves and malicious software, highlighting the critical need to secure these access interfaces.

Phishing attacks occur when cybercriminals trick their victims into sharing personal information, such as passwords or credit card numbers, by pretending to be someone they’re not. Artificial Intelligence (AI) has made it easier for cybercriminals to carry out phishing attacks by writing believable phishing messages, mimicking people’s voices, researching targets and creating deepfakes.

So far in 2024, many major companies have fallen victim to credential stuffing attacks. Some of these notable credential stuffing victims include Roku, Okta, General Motors and Levi’s. Credential stuffing attacks occur when a cybercriminal uses stolen login credentials to attempt to log in to multiple accounts simultaneously. Since many people reuse their passwords, cybercriminals can use stolen credentials to sign in to many accounts, compromising employee, customer and organizational data.

Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API, which requires multiple round trips to the server to gather various pieces of data, GraphQL allows developers to retrieve all the needed data in a single request.

Discover how UEM strengthens device management efforts and how endpoint management is evolving to meet modern endpoint security needs.

This guide for IT and security professionals shows how to detect that the CrowdStrike agent is installed and properly configured, using either vanilla osquery or 1Password Extended Access Management.

In emergency situations, 1Password Extended Access Management can get devices patched faster than MDM alone.

On February 28, 2024, our team of pentesters at Astra discovered a critical stored cross-site scripting (XSS) vulnerability in the Personal Management System by Volmarg. This web-based tool helps you create to-do lists, take notes, and manage files in a convenient dashboard.

A critical security flaw has been discovered in SPIP, a popular open-source content management system (CMS). This flaw, identified as CVE-2024-8517, stems from a command injection issue in the BigUp plugin. The vulnerability allows attackers to execute arbitrary OS commands remotely and without authentication, simply by sending a malicious multipart file upload HTTP request. This blog will explore the details of this vulnerability, its potential impacts, and the essential steps for mitigation.

The State of Application Security report shows that over 2.37 billion attacks were blocked on AppTrana WAAP from April 1, 2024, to June 30, 2024. Attacks targeting vulnerabilities surged by 1,200% in Q2 2024 compared to last year, an alarming fact. This sharp rise highlights that vulnerabilities are the prime target. Moreover, they are now easily exploitable thanks to readily available scripts on known vulnerabilities. This could be because of rapid adoption of AI and LLM models even among hackers.