Security

The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You

Public transportation payment systems have undergone significant changes over the years. Mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using smartphones or other mobile devices. This trend is likely to continue in the years to come. But how secure are mobile payment solutions for public transportation?

How we found a Prototype Pollution in protobuf.js

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.

Data Loss Prevention (DLP) Systems: Types, Key Features, Pros and Cons

As the number and severity of cybersecurity attacks rise each year, organizations are compelled to look for measures to protect sensitive data. The abundance of cybersecurity solutions on the market may create confusion and pressure, as choosing the wrong one may lead to security gaps. Many companies turn to data loss prevention (DLP) systems, since they have been on the market for years. But is a DLP system enough to protect your data?

How to Negotiate the Best Cyber Insurance Policy

Most companies will quickly accept the insurance provider's first offer when negotiating cybersecurity insurance policies. Although a relatively new component of the insurance sector, providers have still been conducting cyber assessments and offers for years and are the so-called experts. However, this way of thinking costs enterprises thousands, if not millions, of dollars a year in deductibles.

Creating a better internet at IETF117

The other week in San Francisco at IETF117, a group of developers and subject matter experts gathered to do just that. The IETF mission is: “To make the internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the internet.” This standards body is quite unique – anyone with the right passion can join. Believe it or not, humming is a measure of consensus.

The Five Stages of Vulnerability Management

A strong vulnerability management program underpins a successful security strategy overall. After all, you can’t defend weak points you don’t know are there. It is predicted that 2023 will see an average of 1,900 critical Common Vulnerabilities and Exposures (CVEs) a month, up 13% from last year. This is due to increased interconnectedness, the addition of more tools, IoT devices and SaaS services, and the increased risk of human error.

CVE-2023-39143: Critical Remote Code Execution Vulnerability in PaperCut Print Management Server

On August 4, 2023, security researchers published a blog detailing a critical remote code execution (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4). CVE-2023-39143 could allow unauthenticated threat actors to read, delete, and upload arbitrary files on compromised systems, which results in RCE. Additionally, this vulnerability does not require user interaction.

Security Immutability: The Importance of Change

A few years ago, I wrote about the importance of security immutability. More specifically, I discussed how important it is that your environment be unchangeable in order to ensure that it remains secure. As I looked back on the article, I found it rather amusing that the article was published 4 years ago, but that feels like a lifetime ago. In the last few years, we really have seen just how volatile the world can be.

Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile

From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North America and Asia, across different segments, led by the technology, financial services, and banking sectors.

API Security Testing: Importance, Risks and Checklist

Many API-related breaches do not result from sophisticated attackers or diligent security researchers but stem from improper API design and implementation. Recent incidents at Clubhouse, John Deere, and Experian serve as examples, highlighting the consequences of neglecting basic API security practices. To safeguard against security risks, comprehensive API security testing becomes essential, ensuring APIs align with published specifications and are resilient to malicious inputs and attacks.