Vulnerability

Solving the CVE puzzle with MITRE ATT&CK and threat intel

Feb 25, 2022 By Simon Roe In Outpost 24

To threat actors, infiltrating an organisation's infrastructure is like a cryptic puzzle they must solve as they seek out vulnerabilities to exploit. By evolving their tactics and techniques, completing the puzzle becomes easier and so does finding common vulnerabilities and exposures (CVEs) to target. As a result, there is a greater call for security teams to go the extra mile with vulnerability remediation efforts by combining threat intelligence with CVE findings and the guidance provided by the MITRE ATT&CK framework to zoom in on the riskiest vulnerabilities.

Read Post

Outpost 24

Read more about Solving the CVE puzzle with MITRE ATT&CK and threat intel

Magento security requires additional patch to fix sanitization vulnerability

Feb 24, 2022 By DeveloperSteve In Snyk

As technology folks, we are often under a lot of pressure to fix some deployed code, update an infrastructure component, or patch some code. Often it’s with little notice and needs to be done 5 minutes ago. The gamble with any “zero turnaround” is the rush to fix now vs. taking the time to test and check.

Read Post

Snyk

Read more about Magento security requires additional patch to fix sanitization vulnerability

CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility

Feb 23, 2022 By Alyssa Ideboen In CrowdStrike

Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to critical applications and infrastructure.

Read Post

CrowdStrike

Read more about CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility

What Is Managed Vulnerability Scanning And Why Do You Need It?

Feb 22, 2022 By Cyphere In Cyphere

Managed Vulnerability Scanning solves the security problem by providing continuous monitoring and protection for your systems, allowing you to keep up-to-date with new threats. In this video, we'll talk about what Managed Vulnerability Testing is, how it works and why you need it!

View Video

Cyphere

Read more about What Is Managed Vulnerability Scanning And Why Do You Need It?

Top 8 Uses Of Website Vulnerability Scanners

Feb 22, 2022 By Indusface In Indusface

The average cost of data breaches in 2021 was USD 4.24 million, the highest figure in at least 17 years. So, proactive, accurate, and effective identification of security vulnerabilities is non-negotiable and offers a solid basis for adequate security. By proactively identifying these vulnerabilities, weaknesses, and flaws in the application, website vulnerability scanner tools bring accuracy and efficiency in web application security.

View Video

Indusface

Read more about Top 8 Uses Of Website Vulnerability Scanners

OWASP Top 10: API Security Threats

Feb 22, 2022 By Indusface In Indusface

It’s no secret that APIs are under attack. Companies are struggling to keep their APIs safe and secure from accidental breaches to malicious hacks. The problem will only worsen as APIs become more complex and more companies rely on them for critical business functions. The security risks increase exponentially. About Indusface: Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

View Video

Indusface

Read more about OWASP Top 10: API Security Threats

4 Best Practices to Reduce Zero Day Exploits

Feb 22, 2022 By Indusface In Indusface

As cybercrime is rising by the hour, security is a huge concern for everyone today. One of the most effective ways to protect the systems from being hacked is detecting and fixing the vulnerabilities. However, now attackers began to take advantage of security flaws known only to them. Zero-day exploits are very difficult to prepare for as they’re quite unpredictable.

View Video

Indusface

Read more about 4 Best Practices to Reduce Zero Day Exploits

CVE-2022-23628, OPA and Styra DAS

Feb 21, 2022 By Torin Sandall In Styra

CVE-2022-23628 was published last week by the Open Policy Agent (OPA) project maintainers after a user reported unexpected behavior from a policy bundle that was built with optimizations enabled. The problem stemmed from a regression fix in the v0.33.1 release that addressed incorrect pretty-printing of Rego object literals by the `opa fmt` command and the underlying `format` package.

Read Post

Styra

Read more about CVE-2022-23628, OPA and Styra DAS

Conveniently insecure: the tradeoff between security and convenience

Feb 21, 2022 By Martin Jartelius, CSO In Outpost 24

When it comes to making business decisions about new technologies and software adoption into your organization – it’s vital to work with your security team to balance the need for speed without sacrificing security.

Read Post

Outpost 24

Read more about Conveniently insecure: the tradeoff between security and convenience

What you need to know about Log4Shell

Feb 17, 2022 By Emily Davignon In AT&T Cybersecurity

Photo by ThisIsEngineering from Pexels Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail.

Read Post