Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Multiple vulnerabilities discovered in Pyrescom Termod4 smart device

The Internet of things, cyber-physical systems, smart offices, smart homes. We are getting accustomed to these ‘smart’ concepts; lights turn off automatically when you leave home. Your car drives you, instead of the other way around and you quickly scan your access badge to check-in at work. All the little conveniences that make our lives easier, our work more enjoyable and ever so slightly improves our lives… Until they bite you in the behind.

Price scraping: How does it work and who is at risk?

Scraper bots are commonly used to acquire prices and content from websites for competitive advantage. Aggressive scraper bot activity slows down websites for customers, resulting in a bad user experience that costs the retailer revenue as frustrated customers are driven to competitors, while exposing vital pricing data.

How to Use Workplace Investigation Software

Human Resources departments are typically tasked with conducting workplace investigations into allegations of misconduct or criminal activity. Every complaint or allegation has the potential to turn into a lawsuit or criminal case, which is why it’s so important to conduct thorough investigations to find out exactly what happened. Having the right tools can make it far easier for Human Resources departments to uncover the truth.

Hacking Pandemic Workplace Isolation to Enhance Collaboration

Since the onset of the pandemic, many workplaces were suddenly merged into home spaces. In my case, my bedroom became my office. In this new mode of working, what I missed the most is the office chatter and the water cooler conversations which often lead to some brilliant ideas for a new project or design solutions to a technical problem.

Lessons Learned from the SolarWinds Hack

Supply chain attacks are one of the trickier challenges for organizations to defend against since they undermine our trust in otherwise trusted systems that we depend on for running our software and protecting our data. If an adversary is able to successfully compromise a key component of a popular supply chain product, the impact can be widely felt by many organizations.

Serverless computing: Is it worth the risk?

A new trend for developers is emerging, as many companies shift towards using serverless computing. The name is a bit misleading, as serverless computing still relies on servers for storing data, but those who use serverless computing leave the maintenance of the server to their provider. They pay only for the storage needed to execute the code they develop.

Open Source Licenses in 2021: Trends and Predictions

As this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2020 and compare them to previous years. Our research team has collected information from the WhiteSource database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2020.

iOS App Security: 6 Ways How Apple Protects the User's Data

Apple loves bragging about how secure their devices are. Not without reason: there are lots of security features you probably use daily, including code autofill, password reuse auditing, Safari built-in privacy, and many more. Same for developers. For example, Apple doesn't release their source code to app developers for security reasons. And the owners of iOS devices can't modify the code on their phones themselves.

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

How to detect sudo's CVE-2021-3156 using Falco

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.