Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Introducing Runtime-based Vulnerability Management - turning vulnerability data into actionable intelligence

Struggling to manage vulnerabilities in your Kubernetes environment? You’re not alone. Traditional vulnerability management tools often leave security teams feeling overwhelmed and unsure of where to focus their efforts. Traditional scanners churn out an endless stream of alerts, many irrelevant, making it difficult to prioritize and address the most critical issues. Sound familiar?

Preventing server-side request forgery in Node.js applications

Server-side request forgery (SSRF) is a common vulnerability that can crop up unknowingly in any Node.js application. It poses a significant threat because attackers can manipulate a server into making unintended requests to both internal and external resources. This article will explore SSRF, its potential risks, and the strategies to mitigate SSRF in Node.js applications.

What a Vulnerability in Salesforce Apex Code Means for You

Varonis researchers have recently disclosed that several government agencies and private-sector companies had customized or added features to their Salesforce Apex code that leaked data, allowed data corruption, or allowed an attacker to disrupt business functions. Impacted data included the usual suspects like phone numbers, addresses, social security numbers, and username/password combinations.

Critical Vulnerabilities in ConnectWise ScreenConnect Patched

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities do not have CVE numbers assigned to them. ConnectWise has stated that the vulnerabilities have the potential to result in remote code execution (RCE). Vulnerability #1 (CVSS: 10): Allows a threat actor to achieve authentication bypass by leveraging an alternate path/channel.

Preventing SQL injection attacks in Node.js

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

Cross-site scripting attacks in action and how to protect against them

Cross-Site Scripting (XSS) attacks pose a significant security threat by infiltrating an application’s input fields with malicious code snippets. When users access the affected pages, this code is executed in their browsers, putting their sensitive information at risk. The malicious content injected into the web browser can take various forms, including JavaScript, HTML, Flash, or any other executable code.

Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? Very. Join CISO Global's Chris Clements, Tigran Safari, James Montagne, and special guest Iwona Karpeta as they discuss recent attacks against credit unions, how they responded, and how their customers were impacted. Speakers: Chris Clements is the VP of Solutions Architecture for CISO Global. Chris has spent more than two decades working in the information security field and has a wide range of experience, including business management, sales, product, and service delivery.