Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Autumn 2024 Product Releases: What's New at Astra Security

As organizations grow and adopt cloud-native technologies, securing digital infrastructure at scale has become increasingly complex. According to the Cloud Security Alliance, 73% of organizations struggle to secure business-critical cloud applications due to misconfigurations and limited risk visibility. Ransomware alone can cost companies millions, and with the rise in cyber threats, even cyber insurance may not fully protect them from repeated attacks.

Stored XSS Vulnerability in bodi0's Easy Cache Plugin

Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.

Introducing The 403 Circle by Astra

This Cyber Security Awareness month, we’re thrilled to launch The 403 Circle, our new community-driven approach to building a safer world. It isn’t for everyone, but it might be for you. We are surrounded by an overwhelming trove of information, from AI chatbots and mile-long whitepapers to social networks or ‘communities’ that treat you like a product—to acquire, upsell, and renew contracts. At Astra, we strive to simplify proactive security.

An In-Depth Guide to How Vulnerability Scanning Works?

Vulnerability scanning is the process of evaluating web and mobile applications, APIs consumed by them, or systems, networks, and cloud infrastructures to identify vulnerabilities. It involves using automated tools trained to scan for known CVEs, misconfigurations, and potential attack vectors.

Broken Access Control in Committee Management System

On 24 September 2024, the security researchers at Astra discovered a critical broken access control vulnerability in the Class Committee Management System, an open-source project. The web-based system allows users to manage files, schedule meetings, generate reports, and access other management features. A broken access control vulnerability occurs when the application does not enforce proper permissions and restrictions.

CVE-2024-47610: Stored XSS Vulnerability in InvenTree

Astra Security identified a vulnerability in the InvenTree Inventory Management System on October 2nd, 2024, which has since been patched. This vulnerability, CVE-2024-47610, is stored cross-site scripting (stored XSS) that targets versions of InvenTree below 0.16.5, where ‘Markdown,’ in the Notes feature, can enable attackers to run code. Cross-site scripting vulnerabilities allow a hacker to inject HTML code into an application and affect the users who intercept the code.

How to Conduct Web App Penetration Testing?

Web application penetration testing is a comprehensive and methodological process that leverages various tools and techniques to identify, analyze, and prioritize vulnerabilities in the application’s code and configurations. It goes beyond basics to find interlinked business logic vulnerabilities before attackers can gain unauthorized access to sensitive data, disrupt operations, or steal user data.

Introducing Astra OrbitX: Continuous Security at Scale

Engineering Leaders are stretched thinner than ever, racing to deliver innovative products and scale operations while securing a complex digital ecosystem across the increasing perimeter of code, DevOps, compliance, and more. Remember the infamous MOVEit attacks that compromised nearly 2,000 organizations, from BBC and Harvard to local government agencies. Over 67 million individuals were affected, underscoring the devastating consequences of such breaches.

How to Build a Cyber Security Culture?

Cybersecurity is no longer an awareness issue but a strategic execution problem. In 2023, 96% of CEOs acknowledged cybersecurity’s importance for organizational growth, stability, and competitiveness, but only 15% had dedicated board meetings to discuss cybersecurity issues. This disconnect between awareness and action stems primarily from difficulty quantifying cybersecurity goals, investments, and return on investment (ROI), making it easier to overlook or, at best, an afterthought.