Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect applications that have been deployed to or staged in runtime environments.

Financially motivated adversary groups executing ransomware attacks have rightfully gotten our attention in recent years. Similar to Lulzec, there’s a new group catching attention with different motivations, targeting larger organizations.

Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s economies of scale to disrupt or discontinue the availability of cloud services and infrastructure that support applications, systems, and corporate networks.

In March 2021, Netflix users logging into shared accounts reported seeing a message on the service telling them, “If you don’t live with the owner of this account, you need your own account to keep watching.” At the time, the affected users had to input a multifactor authentication (MFA) code sent via SMS or email to regain access.

Security teams want to accomplish their best work — but they're being prevented from doing so. We recently surveyed 468 full-time security analysts for our 'Voice of the SOC Analyst' report to learn more about their day-to-day workloads, successes, and concerns. What we found was that seven out of ten analysts are either somewhat or very burned out, and that six out of ten analysts want to find a new job in the next year.

In an ever-expanding web landscape, JavaScript is the glue that holds website and web application development together. But eventually, weaknesses, cracks, and gaps are going to appear in the JavaScript code. When this happens, businesses may find themselves at risk of something more dangerous. Understanding JavaScript security in today’s digital landscape, and the issues and problems related to vulnerable JavaScript code, are critical to protecting businesses and client-side interactions.