Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Dynamic Application Security Testing (DAST): An Overview

Dynamic Application Security Testing (DAST) is an advanced testing method that tests the production environment and analyzes application security at runtime. This type of black box testing identifies real-world vulnerabilities externally without much need for insights into the product provenance of any single component. By simulating real-world attacks in your system, DAST identifies critical security gaps that other vulnerability assessments and static methods might miss.

New 1Password SIEM integrations with Rapid7, Blumira, and Stellar Cyber

Spend less time collating security reports and investigating security issues by creating integrated, customizable dashboards with data from 1Password. The new Rapid7, Blumira, and Stellar Cyber integrations for 1Password allow you to monitor potential risks around company data or credentials stored within 1Password.

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

Key considerations for digital asset startups: Custody and beyond

Blockchain technology continues to grow in prominence, and as it expands, a wide range of businesses are looking to develop digital asset products. At the same time, many startups are launching with digital assets at the center of their businesses. If you are running a digital asset business or building a blockchain product, it’s important to consider what type of custody management solution will best support your business.

A Comprehensive Guide to X-Powered-By Header

An X-Powered-By header is a type of HTTP response in the header field (most headers prefixed with an ‘X-‘ are non-standard) that informs the user which technology stack or framework is running on the web server. For example, if a web server is running Node.js, the header would be “X-Powered-By:Express”, which indicates an Express framework is being used.

Lost in Translation: Vulnerability Management Communication Gaps

Vulnerability management is absolutely critical to protecting an organization’s IT and cloud infrastructure, systems, or applications from incoming threats. The ability to remediate the most relevant vulnerabilities quickly is the only way to keep your perimeter safe. Yet, security teams struggle with managing vulnerabilities. Why? At the core lies a fundamental communication and collaboration problem.