Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

NPM Manifest Confusion: Six Months Later

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

Enterprise Browsers Need to Secure Identities Without Compromise

Now is the time. It’s been over 30 years since the introduction of the first web browser. Since then, the browser has evolved into an application that allows us to stream entertainment, work and interact through social media. It’s the most widely used application among consumers … and now the enterprise. Unfortunately, there’s little separation between work and personal life when you use a browser designed for consumer use.

It's Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient. The topic of cyber insurance has been covered quite a bit here on this blog. From when cyber insurance first began as a concept, to the challenges it poses for organizations looking as their last resort after an attack, to changes in insurance policy and law.

Agent Tesla's New Ride: The Rise of a Novel Loader

Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced evasion techniques, loaders bypass security measures and exploit various distribution channels for extensive impact, threat groups enhance their ability to download and execute various malware types as demonstrated by Smoke Loader and GuLoader, highlighting their role in extensive malware distribution.

Hunt for cloud session anomalies with Cloud SIEM

In today’s cloud-native world, systems are usually accessed by users from multiple devices and in various geographic locations. Anyone who has tried to operationalize an impossible travel type alert for cloud resources will understand the myriad nuances and gotchas involved in such an endeavor. A user may be accessing a cloud resource from a mobile device that is tied to a carrier network well away from their normal geographic location.

The Imperative Need for Consolidation in Web App Security and Delivery

In today’s rapidly evolving digital and cyber landscape, securing and delivering applications efficiently is crucial for businesses of all sizes. The pursuit of uninterrupted service is no longer the only focus. Security concerns have taken center stage, transforming the landscape into a battleground where the slightest disruption triggers a search for root causes and solutions. When websites falter, application owners navigate a maze of possibilities.

What We Learned at This Year's Fierce Trial Master File Summit

This year’s Fierce TMF Summit took place in sunny Savannah Georgia, a city known for its ghosts. But the estimated 200 plus attendees of this year’s Summit aren’t afraid of your average ghosts and ghouls: instead, we shudder at tales of inspection findings, unruly document contributors, and other challenges in TMF management.

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands. Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available.