NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.
There are multiple advantages of outsourced networking monitoring. No matter your organization’s size, it’s vitally important to protect the data that can be accessed inside and outside of the perimeter.
Open Policy Agent (OPA) is rapidly becoming a cornerstone in the management and maintenance of secure and compliant systems that align with industry and organizational best practices. As more organizations begin — or continue — their cloud-native digital transformation, the importance of policy-as-code only increases. Sometimes, though, becoming an expert in yet another tool or language isn’t in the cards.
Vulnerability scan reports are requested from a wide variety of people or entities for many different reasons. Historically a report meant a static snapshot of the scan data. Some company stakeholders may want an executive overview of the current vulnerabilities present in their environment. In contrast, others may want additional data points such as trending to reflect how well they have made progress in remediating previous vulnerability scans detected.
I previously talked about how to get started with a threat intelligence program, which is the cornerstone to any security operation. Such a program enables security teams to gain a deeper understanding of adversaries and their tactics, techniques and procedures (TTPs), in order to determine what is relevant to the organization and how to mitigate risk.
Detectify is expanding its web app fuzzing engine to scan public-facing APIs for vulnerabilities. Earlier in the year, we released a new fuzzing engine, and it was developed with API scanning in mind. In Fall 2021, we will roll out open beta testing. You can register for Detectify API fuzzer updates and beta testing program.
Since our last update in January, there has been an unprecedented amount of activity in the data privacy world. And yes, we probably do say that every time! New laws have passed in Virginia and Colorado. The UK’s post-Brexit EU adequacy was confirmed. Plus of course, the EU’s significant changes to Standard Contractual Clauses and the reawakening of the debates over Identity Verification, especially in the context of social media.
