High Severity OpenSSL 3.0.x Vulnerabilities Discovered (CVE-2022-3786 and CVE-2022-3602)
The OpenSSL project team has just announced a security fix for two distinct buffer overflow vulnerabilities (CVE-2022-3786 and CVE-2022-3602) affecting versions 3.0.0 to 3.0.6 of the popular open-source cryptographic library.
Managing WordPress and WooCommerce Threats With Attack Surface Intelligence
Thanks to its theming capability, websites powered by WordPress can be made to look unique—and often can’t be identified as WordPress-powered at first glance. Combined with the ability to extend its functionality with various plugins, it has become common for WordPress site owners to use it not only for blogging but for other use cases as well, such as eCommerce.
How Attack Surface Intelligence Drives Vulnerability Management
Today, organizations the world over are facing sophisticated threats and cyber attacks on their valuable digital assets, as well as embedded, unknown vulnerabilities in their infrastructures. Digital transformation, along with the pandemic and the shift to the cloud, has only accelerated changes in the way organizations operate, mainly through hybrid and remote work.
The Current State of CI/CD Security, and How to Prevent Common Mistakes
An ever-growing need for faster and structured development has meant that CI/CD tools have become integrated into the core of an organization's development processes.
Atlassian Confluence on-premise vulnerability: Remote access with a hard-coded password
This vulnerability affects on-premise installations of Confluence, where the “Questions for Confluence” add-on is installed or has been installed at any point. Admins should update their instances immediately and ensure they have not been compromised.
Popular Misconfigurations that Make Containerized Apps Vulnerable to Attacks
With today’s staggering number of internet users, and the fact that web applications themselves are doing more than they ever have in the past, scaling, maintaining, and developing large web applications has become a significant challenge for DevOps teams.
Guide and Enrich Red Team Operations with Attack Surface Intelligence
One of the many cognitive spaces where cybersecurity practitioners often like to boast of ingenuity lies in the realm of adversarial emulation.
Journey to the Underbelly of the Beast: Out-of-Band Management Security and the Attack Surface
As of this writing, enterprise networks around the world are still known to be supporting some form of hardware-based remote access and control capability, collectively referred to as out-of-band management (OOBM), as a fallback mechanism to provide system administrators with an alternate data path to computing elements that may otherwise be unreachable through more traditional network media.
The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.
How to detect developer mistakes before the bad guys do
Web development is one of the largest, if not the largest, sectors in the current tech space. Everything you see on the internet falls more or less into the web development category, which ranges from basic website UI and UX development to complete application frontends and backends. And the surface area of web development is probably the largest it's ever been.