Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Exploiting HTTP/2 CONTINUATION frames for DoS attacks

The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.

Two Effective Strategies to Reduce Critical Vulnerabilities in Applications

Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces.1 This blog details two effective strategies for identifying vulnerabilities in custom software applications so they can be quickly addressed.

What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

A week ago, on March 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that two versions of xz Utils, were found to have been compromised. The xz Utils code had been tampered with to include a malicious “backdoor” that would ultimately give attackers the same level of control over affected systems as authorized administrators.

CVE 2023-2033: What is it, and how to fix it?

Zero-day vulnerabilities are the surprise no developer wants to get. Because these security flaws are unknown to developers, they have zero days to prepare or mitigate the vulnerability before an exploit can occur. 62% of vulnerabilities were first exploited as zero-day vulnerabilities, so they are far more prevalent than we think. Even Google Chrome can attest to that after discovering a series of zero-day vulnerabilities that left its billions of users at risk in 2023.

A06 Vulnerable and Outdated Components - OWASP TOP 10

Outdated software components are a hacker's best friend. Learn about the dangers of A06:2021 (formerly known as "Using Components with Known Vulnerabilities") in the OWASP Top 10. This threat just climbed the ranks – let's get you up to speed! In this video, we'll tackle.

CVSS 4.0 Is Here: What Security Leaders Need To Know

The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.

Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping.