Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Get Android & iOS App Penetration Testing Checklists with OWASP Mobile Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.

Web applications serve as the backbone of business operations, and the rise in cyber threats has put a spotlight on vulnerabilities that can compromise the integrity and confidentiality of web applications. But where to start? Security frameworks can help security and development teams understand the top risks and how to harden their applications against them, while guiding technical professionals on how to protect their applications against attacks.

It’s time to recognize official security vulnerability catalog systems aren’t enough. There are too many gaps in the named security vulnerability process. And plenty of vulnerabilities do not receive the attention they deserve. Some vendors silently patch issues while others leave vulnerabilities in a reserved state. There is not one source of information that contains every vulnerability being exploited. The result?

In today's digital and interconnected era, the healthcare sector operates in a landscape of security risks. In 2023 alone, the number of vulnerabilities uncovered in medical devices jumped by 59% to 993 issues. Consequently, the U.S. Food and Drug Administration (FDA), the European Commission, and other governmental agencies have issued cybersecurity guidelines for medical devices. Many of these guidelines advocate for fuzz testing as a means of vulnerability detection.

This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.