July 5, 2024 at 08:41AM Infosec experts are discussing a vulnerability in Ghostscript, which may lead to significant breaches. The format string bug, designated as CVE-2024-29510, allows remote code execution (RCE) on systems running Ghostscript. It poses a serious threat to web applications and services utilizing Ghostscript for document conversion and preview functionality. The severity … Read more
May 15, 2024 at 08:12AM The new Common Vulnerability Scoring System (CVSS) v4.0 aims to enhance vulnerability assessment by introducing additional metrics and emphasizing the consideration of environmental and threat factors. It is used to evaluate the risk associated with vulnerabilities, especially in network products, and is considered an internationally recognized standard. Integration with security … Read more
April 16, 2024 at 09:47AM The LockBit ransomware group launched a sophisticated attack in West Africa using a leaked variant of LockBit 3.0. Kaspersky discovered this new variant and flagged its ability to generate custom, self-propagating ransomware. The attack involved using leaked privileged credentials and affected multiple systems. Organizations are advised to take preventive measures … Read more
April 9, 2024 at 11:37AM Containerization has revolutionized application deployment and management, emphasizing security compliance in containerized environments. Wazuh, a free open-source security platform, addresses this need by providing visibility, granular access controls, vulnerability scanning, and monitoring for Docker and Kubernetes containers. It aids in maintaining regulatory compliance and strengthening container security, making it an … Read more
March 4, 2024 at 06:48AM The text discusses the unique security needs and challenges faced by mid-market companies in managing SaaS applications. It highlights the risks associated with third-party SaaS applications and emphasizes the necessity of implementing tailored SaaS security solutions that are both effective and scalable. The article also introduces Wing Security’s tiered product … Read more
January 4, 2024 at 08:12AM The “Executive Order on Improving the Nation’s Cybersecurity” emphasizes securing the “Software Supply Chain.” The article provides three ways to enhance security: safeguarding secrets, using software composition analysis for transparency, and integrating ethical hacking. Strengthening Software Supply Chain Security is crucial for smooth software sales and overall resilience in the … Read more
December 19, 2023 at 02:35PM The ALPHV/BlackCat ransomware group has earned more than $300 million from 1,000+ victims worldwide by September 2023, per FBI. Affiliates have extensive networks and experience in ransomware and data extortion. Additionally, FBI and CISA have issued mitigation measures, including patching vulnerabilities and enforcing multifactor authentication. FBI has recently disrupted the … Read more
December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and … Read more
December 14, 2023 at 12:54PM Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance … Read more
December 6, 2023 at 04:54AM Atlassian patched four critical vulnerabilities in its software, addressing remote code execution risks. CVEs 2022-1471, 2023-22522, 2023-22523, and 2023-22524, with CVSS scores up to 9.8, affect various products including Confluence and Jira. Prior critical flaw in Bamboo also mentioned. Urgent updates recommended. Meeting Takeaways from Dec 06, 2023 – Software … Read more