Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Slowloris is a type of DDoS (Distributed Denial of Service) attack that exploits web servers to handle incoming connections. In a Slowloris attack, the attacker sends many HTTP requests to the target web server, but unlike a regular DDoS attack, the requests are sent slowly over a long period of time. The attack sends incomplete HTTP requests to keep the connections open for as long as possible. The attacker then mimics this pattern by sending many incomplete requests to the server.

While modern web applications are growing in complexity, the threat landscape is also constantly evolving. It can be difficult for developers to identify and remediate vulnerabilities in their code, especially if they need more expertise in security. As a result, manual application security testing has become ever more challenging and intricate.

You shouldn’t turn off your Two-Factor Authentication (2FA) because it removes the extra layer of security it adds to your account, making it easier for cybercriminals to compromise it. Keep on reading to learn why 2FA should be left enabled for your online accounts and why it should be added to your accounts if it isn’t already.

On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.

Container adoption in enterprises continues to grow, and Kubernetes has become the de facto standard for deploying and operating containerized applications. At the same time, security is shifting left and should be addressed earlier in the software development lifecycle (SDLC). Security has morphed from being a static gateway at the end of the development process to something that (ideally) is embedded every step of the way. This can potentially increase the effort for engineering and DevOps teams.

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities were discovered by Fortinet’s Product Security team.

Last year cyber threats were at the forefront of many business leaders. Not only did the Australian Cyber Security Centre (ACSC), receive over 76,000 cybercrime reports, an increase of 13 percent from the previous financial year, major cybersecurity incidents at Optus, Medibank, and others made cybersecurity a top of mind issue for many in Australia and New Zealand.

A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met. As security researchers at Varonis describe, a new strain of the HardBit ransomware has taken the unusual step of asking targeted companies to spill the beans of whether they have cyber insurance (and the terms of that insurance) anonymously.

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the latter that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.

The ability to sign and verify the integrity and origin of software artifacts, such as Docker images, is critical to supply chain security. Let's try Sigstore, a new standard that promises to make this process much easier.