Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability
An In-Depth Guide to How Vulnerability Scanning Works?
Vulnerability scanning is the process of evaluating web and mobile applications, APIs consumed by them, or systems, networks, and cloud infrastructures to identify vulnerabilities. It involves using automated tools trained to scan for known CVEs, misconfigurations, and potential attack vectors.
Broken Access Control in Committee Management System
On 24 September 2024, the security researchers at Astra discovered a critical broken access control vulnerability in the Class Committee Management System, an open-source project. The web-based system allows users to manage files, schedule meetings, generate reports, and access other management features. A broken access control vulnerability occurs when the application does not enforce proper permissions and restrictions.
Holiday Scam Season: Turning Vulnerabilities into Long-Term Resilience
More transactions, less vigilant consumers, and countless digital impersonators ready to exploit them – for scam-targeted industries and cyber teams, the holiday season is a full-spectrum stress test. Those who pass with flying colors have likely adopted key reinforcements that adapt posture for the era of off-the-shelf social engineering scams assisted by AI. Those that don’t are likely still reliant on outdated solutions and customer education.
Separating the Signal from the Noise During Vulnerability Prioritization
Amir Kessler provides his perspective on prioritizing vulnerabilities based on their runtime and business context.
If you don't know about HTTP Archive's Web Almanac yet, you should!
Most, if not all, of us in the software development space have benefitted from community-driven projects at some point. We’ve tapped into open source libraries, searched for advice on Reddit, and posted our seemingly unsolvable questions on Stack Overflow. But you might be missing out on a community project that especially excites me. It’s the Web Almanac, a collaborative report that provides tons of valuable insights into how people build and use the web.
Critical Infrastructure Security: Preparing for Emerging Threats
Critical infrastructure security can never be overstated in an era when cyberattacks increasingly target modern civilization's backbone. In the past few years, cyberattacks on power grids, transportation systems, and public utilities have highlighted how vulnerable our society is to disruption. A single breach can bring entire regions to a standstill, highlighting the fragility of our interconnected systems.
LOTL Attacks-The Silent Saboteurs in Your Systems
Living Off the Land (LOTL) cyber attacks have become a major headache for cybersecurity professionals. These insidious attacks are getting more sophisticated and widespread, posing serious risks to businesses and even national security. Unlike traditional malware-based attacks, LOTL techniques exploit the very tools and processes that organizations rely on for their daily operations.
Discovering Hidden Vulnerabilities in Portainer with CodeQL
Recently, we researched a project on Portainer, the go-to open-source tool for managing Kubernetes and Docker environments. With more than 30K stars on GitHub, Portainer gives you a user-friendly web interface to deploy and monitor containerized applications easily. Since Portainer is an open-source, we thought CodeQL, an advanced code analysis tool, be a good fit to check its codebase for any security issues.
Lottie Player npm package compromised for crypto wallet theft
On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.