As cybersecurity becomes increasingly important in software development, the “shift left” security approach is widely recognized as a best practice for ensuring superior application security. Numerous traditional security firms are introducing shift-left products and capabilities, and the concept is gaining traction. However, some open source application security tools are more developer-friendly than others.

Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of data breaches, so steps must be taken to prevent it.

PCI DSS version 4.0 recently took effect on March 31, 2024, and includes no less than 63 new requirements. This is the first update of the information security standard designed to defend against payment and credit card fraud since the release of PCI DSS v3.2 eight years ago.

Keeping Windows Server systems updated with the latest patches is one of the key things that administrators can do to ensure their Windows Server environments are stable and secure. Patching is one of the necessary evils that administrators need to manage to keep Windows, Linux, and other environments healthy. Hyper-V hosts are part of the infrastructure that also needs to be kept updated.

The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most businesses could adjust to without a significant investment or a time delay.

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

Welcome to our post-release article where we share the latest GitProtect enhancements and new features launched with version 1.7.5. We start with big changes first!

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.