%term

Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell

Jan 18, 2024 By Trustwave In Trustwave

Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In certain cases, these host malicious Java Server Pages (JSP) web shells. The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners. Notably, despite the binary's unknown file format, ActiveMQ's JSP engine continues to compile and execute the web shell.

Read Post

Trustwave

Read more about Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell

Emerging Trends in Wage and Hour Litigation: What You Need to Know

Jan 17, 2024 By SecuritySenses In SecuritySenses

Wage and hour litigation has seen rapid evolution in recent years. With new legal developments and shifts in the workplace, businesses must stay vigilant to avoid noncompliance. This article explores the key trends and provides practical guidance for employers.

Read Post

SecuritySenses

Read more about Emerging Trends in Wage and Hour Litigation: What You Need to Know

The tension between the CDO and the CISO: The balancing act of data exploitation versus protection

Jan 17, 2024 By Alasdair Anderson, Vice President In Protegrity

Data is the most valuable resource for the global enterprise. For any company wanting to remain relevant in today's competitive business landscape, data needs to be at the centre of every business decision, allowing the C-suite to review initiatives, make real-time decisions and if necessary reverse actions. A quick response fuelled by real data insights will power and improve the customer experience and product offerings while driving lower prices through better efficiency. Ultimately, this will improve the bottom line and deliver successful outcomes for many organisations.

Read Post

Protegrity

Read more about The tension between the CDO and the CISO: The balancing act of data exploitation versus protection

USB review, Part 1: How are USB flash drives a security risk?

Jan 17, 2024 By DataSecurity Plus In ManageEngine

We’ve all used pocket-sized USB drives to store and transfer data. We’ve also lost them countless times. USB sticks are a necessary convenience accompanied by complex and varied risks. Besides the loss of the actual ”pendrives” as they’re also known, organizations fall prey to targeted USB attacks, which are quite common. Threats designed for USB exploits have risen from 37% to 52%, according to Honeywell’s Industrial Cybersecurity USB Threat Report 2022.

Read Post

ManageEngine

Read more about USB review, Part 1: How are USB flash drives a security risk?

Cybersecurity operations in 2024: The SOC of the future

Jan 17, 2024 By Theresa Lanowitz In AT&T Cybersecurity

With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so.

Read Post

AT&T Cybersecurity

Read more about Cybersecurity operations in 2024: The SOC of the future

What is XML-RPC? Benefits, Security Risks, and Detection Techniques

Jan 17, 2024 By Venkatesh Sundar In Indusface

XML-RPC is a powerful and versatile protocol in the ever-evolving web development and data communication landscape. XML-RPC, which stands for Extensible Markup Language – Remote Procedure Call, provides a standardized way for software applications to communicate over the Internet. XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the webserver context.

Read Post

Indusface

Read more about What is XML-RPC? Benefits, Security Risks, and Detection Techniques

Datadog's approach to DevSecOps: An executive perspective

Jan 17, 2024 By Jeremy Garcia In Datadog

Editor’s note: Jeremy Garcia, VP of Technical Community and Open Source at Datadog, explains why fostering an organization-wide culture and practice of DevSecOps is essential for deploying resilient, secure applications and services. Over the past decade, DevSecOps has become a popular buzzword in the tech industry.

Read Post

Datadog

Read more about Datadog's approach to DevSecOps: An executive perspective

Academy Mortgage Faces Disruptions; Employee and Borrower Data Compromised

Jan 17, 2024 By Steven In IDStrong

Academy Mortgage Corporation (AMC) is a nationwide mortgage lender and home loan estate professional group. The organization has over 200 branches throughout the US and numerous loan, mortgage, and financing options. In March 2023, AMC officials discovered a breach within their system network; the threat actor accessed and deactivated some of their securities, putting employees and borrowers at risk for compromised data.

Read Post

IDStrong

Read more about Academy Mortgage Faces Disruptions; Employee and Borrower Data Compromised

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability - Part 1 of 2

Jan 17, 2024 By Yair Mizrahi In JFrog

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.

Read Post

JFrog

Read more about *nix libX11: Uncovering and exploiting a 35-year-old vulnerability - Part 1 of 2

Keeping a Pulse on All Third-Party Connections

Jan 17, 2024 By Security Guest Expert In Riscosity

The core tenets of information security is to protect assets from unauthorized disclosure, prevent unauthorized changes, and to make them available as needed. These align with the CIA security triad of Confidentiality, Integrity, and Availability.

Read Post