Over the past several years, hackers have gone from targeting only companies to also targeting their supply chain. One area of particular vulnerability is company software supply chains, which are becoming an increasingly common method of gaining access to valuable business information. A study by Gartner predicted that by 2025, 45% of companies will have experienced a supply chain attack.

Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic. Many systems permit the use of various types of code in configuration files, and there are legitimate use cases to include string and variable interpolation in the configuration of applications and systems. This is not Log4Shell all over again. This is simple configuration manipulation.

Read also: Google fixed a zero-day vulnerability in Chrome browser, Marriott fell a victim of cyber extortionists, and more.

Cryptographic Failures are a major security problem. They can lead to data breaches, identity theft, and other serious problems. The Open Web Application Security Project (OWASP) has identified ten major failures. These failures can be divided into three categories: Cryptographic design flaws, cryptographic implementation errors and cryptographic key management.

The curl vulnerability shows how we produced timely information by combing through source code commits in open source projects.

Webhooks are one of the best ways to transfer information about occasional events from one system to another. In contrast to methods like HTTP polling — which involves the client repeatedly asking for information from the server — webhooks are triggered by events. This makes them simple and effective. A client can subscribe to a webhook to send a message to an endpoint whenever a specific event happens.

In the OT space it is increasingly common to see devices that are used to bridge the gap between the world of PLCs and IP based networks. These types of devices are commonly referred to as ‘smart-devices’. While smart-devices offer the convenience of remote management, this functionality also may create potential weaknesses exploitable by threat actors as well, and practical exploitation of such flaws is being witnessed in the wild.

The world of healthcare has gone digital. Records can now be transferred anywhere they are needed, from hospital to hospital, or even directly to the patient’s email inbox. While the digitalization of healthcare records is extremely convenient but it is now equally dangerous. These sensitive PHI data are exposed to various forms of cyber threats and vulnerabilities.

The OWASP API Security Top 10 list highlights the most critical API security risks to web applications. Shifting security left means that API security can’t be left only to security teams. Developers need to be on top of potential vulnerabilities and remediate them as they develop. Building security into DevOps means we need to be thinking about how to deliver secure, high-quality code at velocity. Having some basic API security info under your belt will help.

Typically, when a web app needs something from an external server, the client sends a request to that server, the server responds, and the connection is subsequently closed. Consider a web app that shows stock prices. The client must repeatedly request updated prices from the server to provide the latest prices.