Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges in the process.

Understanding Saudi Arabia's new Personal Data Protection Law

The processing of data is a long-standing debate among governments, businesses, and tech giants alike. Major corporations are identifying data privacy violations and sharing how personal data should be handled and shared ethically. Government entities have framed their own laws on data protection and privacy to protect the personal data of their residents.

OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt

Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE-2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit, a new access vector among a sea of many others.

Top 7 Cybersecurity Regulations in the Financial Industry that you Need to Know

Cybersecurity incidents aren’t rare for businesses now. In fact, in the first 6 months of 2021, around 1767 data breach incidents rocked the business world and exposed more than 18 billion records. One of the industry verticals hardest hit by cyber-attacks is the financial industry.

CVE-2021-44832: A New Medium Severity Vulnerability Was Found in Log4j

Another vulnerability, though an unlikely one, was discovered in Log4j’s latest versions: CVE-2021-44832. This is an arbitrary code execution vulnerability that uses, yet again, the now infamous JNDI functionality. The vulnerability lets an attacker with control over the Log4j configuration set a malicious datasource for the JDBC (Java Database Connectivity API) appender. The datasource refers to an attacker-controlled JNDI URI that will execute arbitrary code on the application using Log4j.

What are Traffic Bots? Methods to detect and stop Bot traffic!

Bot traffic is a type of traffic that is generated by automated programs, or bots. These bots can be used to generate fake traffic for testing purposes or to engage in malicious activities. Malicious bot traffic is a huge problem for many website owners, and bot detection can be difficult. There are various types of bot traffic that you need to watch out for. In this guide, we will discuss their different types and how to combat them!

What is Domain Hijacking? Tips to Protect yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.

Low-code Security Risks: 7 Sins and How to Overcome Every Single One

Low-code security vulnerabilities can be deadly - but not for you. Learn how to mitigate all the risks involved by downloading our free whitepaper “7 Deadly Sins of Low-Code Security and How to Avoid Them”. If you’ve followed our last two blog posts, you should already be familiar with the reasons why organizations that are undergoing digital transformation are turning to low-code development.