
Vulnerability

Examining OpenSSH Sandboxing and Privilege Separation - Attack Surface Analysis

The recent OpenSSH double-free vulnerability (CVE-2023-25136) created a lot of interest and confusion regarding OpenSSH's custom security mechanisms, the Sandbox and Privilege Separation. Until now, both mechanisms had gone largely unnoticed and were only partially documented. The double-free vulnerability raised interest among those who were affected and those administering servers that run OpenSSH.

Preventing XSS in Django

Cross-Site Scripting (XSS) is a type of vulnerability that involves manipulating user interaction with a web application to compromise a user's browser environment. These vulnerabilities can affect many web apps, including those built with modern frameworks such as Django. Since XSS attacks are so prevalent, it's essential to safeguard your applications against them. This guide discusses how XSS vulnerabilities originate in Django apps and what you can do to mitigate them.

Human Error Results in Leaked SF-86 Forms

The United States Department of Defense (DoD) discovered in February that one of its servers had been sharing U.S. military emails openly on the internet for over two weeks without anyone noticing. This vulnerability affected U.S. Special Operations Command and other DoD customers. Shockingly, plain-text email conversations were exposed and accessible to anyone who knew the IP address of the unsecured server.

Top Changes in the OWASP API Security Top 10 2023 RC

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.

Top 11 Vulnerability Assessment Companies You Need To Know

The process of detecting, analyzing, and prioritizing vulnerabilities found through vulnerability assessments is an essential part of maintaining cyber security. Cyber security assessment services that provide vulnerability assessments are highly sought after with the increasing number of threats in the cyber world.

Critical RCE Vulnerability in FortiOS & FortiProxy (CVE-2023-25610)

On Tuesday, March 7, 2023, Fortinet published a security advisory detailing an unauthenticated remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-25610). The vulnerability was discovered internally by Fortinet, and exploitation has not been observed in the wild at this time. No proof-of-concept (PoC) exploit has been published for this vulnerability at this time.

Five key takeaways from Outpost24's Cyber Resilience Day

True to its theme, 'Cyber Resilience', our recent cyber security gathering dissected the fast-moving threat landscape, drawing on the insights of a panel of security experts and practitioners about the shortcomings of current practice and the need for better use of threat intelligence. Here are five takeaways from the Cyber Resilience Day in Breda, co-hosted with our customer CM.com and a panel of cybersecurity experts.