From Threats to Solutions: Strengthening Digital Resilience
Explore actionable solutions for safeguarding your business against modern digital threats. Learn how to build a secure, resilient infrastructure for long-term protection.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
%term
Path Traversal in 2024 - The year unpacked
Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability and has been actively exploited since the 90s when web servers gained popularity, many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.
How to Boost Mobile Security Across International Borders
Today, our smartphones store a wealth of personal and financial information, which can be especially vulnerable when traveling internationally. When traveling, your device is more vulnerable to increased surveillance, hacking attempts, and theft. The solution is straightforward: take as many precautions as possible to safeguard your device.
FAQ: What Steps Can You Take to Speed Up ISO 27001?
ISO 27001 is one of the most important security frameworks in the world. Any business that wants to operate internationally, especially if they have contracts with certified brands or international governments, or they want to open the door to those contracts, will need to achieve ISO 27001 certification. There’s just one problem: it can take a long time to achieve. How long?
Upping An Offensive Security Game Plan with Pen Testing as a Service
While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct pen tests more regularly, or whenever a particular need arises. That’s important because of the crucial role pen testing plays in providing offensive security –finding problems before bad actors do.
Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion
In September 27, 2024, Okta disclosed a critical vulnerability affecting their Classic environment that created a concerning security gap in identity protection. The vulnerability, active since July 17, 2024, allowed attackers with valid credentials to bypass application-specific sign-on policies by simply modifying their user-agent string.
CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)
The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.
Privileged Access for Modern Infrastructure: The Top Four Challenges
As organizations have transitioned from legacy IT infrastructure to cloud-native, ephemeral modern infrastructure, the needs of how privileged access is handled have shifted, too. Modern infrastructure presents unique challenges that legacy Privileged Access Management (PAM) tools, originally architected for more static environments, weren’t designed to handle. In this post, we explore why characteristics of modern infrastructure require a modern approach to PAM.
How Does Incognito Mode Work?
Incognito mode, also known as private browsing mode, stops your web browser from saving your browsing history on your device. By turning on incognito mode, you can browse the internet with the assurance that closing incognito mode will erase your cookies and data. Incognito mode also logs you out of your online accounts, which is useful if you’re sharing a device with others and want to maintain your privacy.
The Future (and Present) of the Internet, AI, and Tech with Nicholas Thompson
This week, host João Tomé is joined by Nicholas Thompson, CEO of The Atlantic and former editor-in-chief of Wired, during his participation at Web Summit, the international event held in Lisbon with over 70,000 attendees. In this conversation, Thompson discusses the Internet, AI, social media, and the challenge of protecting content creators from AI crawlers—a problem Cloudflare’s AI Audit is designed to address. We also explore the 2024 media landscape, its future, and its role in supporting democracy.