Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Understanding CVE-2024-50340 - Remote Access to Symfony Profiler

According to security researcher nol_tech, CVE-2024-50340 is a critical vulnerability (CVSS: 7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled. By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can leak sensitive information and potentially lead to arbitrary code execution.

The Difference Between Cybersecurity AI and Machine Learning

In what feels like 10 minutes, cybersecurity AI and machine learning (ML) have gone from a concept pioneered by a handful of companies, including SenseOn, to a technology that is seemingly everywhere. In a recent SenseOn survey, over 80% of IT teams told us they think that tools that use AI would be the most impactful investment their security operations centre (SOC) could make.

Threat intelligence feeds: essential arsenal in cybersecurity

Cyber threats are relentless, sophisticated, and growing. To stay ahead, you can no longer treat threat intelligence as an optional tool—it’s the backbone of a proactive, defense-ready strategy. Threat intelligence feeds bring crucial insights to security teams, from high-level trends to detailed indicators of compromise (IoCs). But no single feed can capture every potential threat. Threat landscapes evolve rapidly and adversaries employ diverse techniques and targets.

ICS Security Is a Team Sport

As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.

PCI DSS Compliance for SaaS Businesses

PCI DSS is a set of requirements that is applied to every small and large organization that accepts, stores, processes, or transmits cardholder data. In particular, PCI DSS for SaaS companies is essential, as these platforms frequently handle sensitive customer information and must adhere to the latest security standards. In 2024, the updated version of PCI DSS 3.2.1, PCI DSS v4.0, became mandatory after being officially released on March 31, 2022, allowing organizations a transition period.

Containing a security incident in 2 minutes with Tines Workbench

We’ve all heard about the exciting potential of AI, but in reality, it comes with many challenges, especially for security teams. AI’s impact is severely limited by security and privacy risks, a lack of access to relevant data, and the inability to have AI perform tasks on your behalf. Tines Workbench solves all three of these problems. It’s a Tines-powered AI chat interface that provides secure and private access to proprietary data, and enables real-time action in any tool.

Is Face ID Safe? A Quick Guide to Apple's Facial Recognition

You may be relieved to know that more and more companies are offering ways to log in to our accounts or save our credentials without having to remember hundreds of passwords. The benefit for us is that we can easily log in to our accounts without resetting forgotten passwords, and our accounts are more secure than ever with more advanced ways to access them. One way we can access our accounts securely is Face ID, but many people are concerned about this new technology. Is Face ID safe? Is it secure?