Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.

Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload

Before you start reading the description, please log in to your WordPress Admin panel & update all the plugins. Contact Form 7 version 5.3.1 and below were found to be vulnerable to unrestricted file upload vulnerability. This issue has been reported by security researchers at Astra Security. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed uploadable file types on a website.

State of Software Security v11: The Most Common Security Flaws in Apps

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

Fix now: Vulnerabilities targeting the FireEye Breach

On Tuesday 8th December in an unprecedented move leading cybersecurity provider FireEye admitted they had been breached and several of their red team tools and scripts had been stolen. In this blog we look at the list of vulnerabilities in these tools and how to protect your organization.

Outpost24 Webinar: Mastering container security in modern day DevOps

Join our webinar as our cloud security expert examines the security challenges that come with container adoption and unpack the key steps required to integrate and automate container assessment into the DevOps cycle to help developers build and deploy cloud native apps at speed whilst keeping one eye on security.

Outpost24 webinar - Protecting Cezanne HR's cloud web application with continuous assessment

Cyberattacks like payroll scams and recruitment fraud are finding their way into organizations via HR which makes protecting your employee data just as important as customer data. Find out how Cezanne HR secure their SaaS application with continuous assessment to help their customers protect employee data. The Cezanne HR SaaS application is used by over 650 organizations across the globe to simplify human resource management. But when it comes to sensitive employee data, customers demand proof of security and need to know that their data is in safe hands. In this webinar John Hixon, R&D Director at Cezanne HR, will share in-depth insights into how he leverages manual pen testing and dynamic application security testing throughout the Software Development Lifecycle (SDLC) to uncover hidden risks in the application and protect their customer data. Join our host Simon Roe, Application Security Product Manager, and John as they discuss the importance of data protection in HR, and how this hybrid continuous assessment approach has helped them secure their business critical apps and maintain ISO certification standards at scale.

Vulnerability Management with ManageEngine Vulnerability Manager Plus

Vulnerability management is the cyclical process of identifying, evaluating, treating, and reporting on threats and vulnerabilities across your network endpoints. In this video, we take an in-depth look at the exhaustive threat and vulnerability management features of ManageEngine Vulnerability Manager Plus.