Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Indusface

indusface

CVE-2024-8517 - Unauthenticated Remote Code Execution in SPIP

Sep 13, 2024 By Pavithra Hanchagaiah In Indusface
A critical security flaw has been discovered in SPIP, a popular open-source content management system (CMS). This flaw, identified as CVE-2024-8517, stems from a command injection issue in the BigUp plugin. The vulnerability allows attackers to execute arbitrary OS commands remotely and without authentication, simply by sending a malicious multipart file upload HTTP request. This blog will explore the details of this vulnerability, its potential impacts, and the essential steps for mitigation.
Read Post
indusface

Understanding OWASP Top 10 Client-Side Risks

Aug 30, 2024 By Vinugayathri Chinnasamy In Indusface
Websites rely heavily on client-side code to deliver interactive user experiences. Unlike server-side code, which is protected within an organization’s infrastructure, client-side code runs in the user’s browser and is exposed to various risks such as data theft and JS injection. Recognizing the unique challenges of securing client-side code, OWASP has created a dedicated Top 10 list for client-side security risks.
Read Post
indusface

How Frequently Should We Run a Vulnerability Scan?

Aug 30, 2024 By Vinugayathri Chinnasamy In Indusface
All it takes is a single unpatched vulnerability to breach security and gain access to a company’s mission-critical assets. Effective vulnerability management is essential for strong cybersecurity. Vulnerability scans play a key role in this process, offering a clear view of the entire IT infrastructure and identifying existing vulnerabilities. How many times should we run scans? Are we scanning often enough? These are the questions we often get.
Read Post

Supply Chain Attack Fundamentals

Aug 29, 2024 By Indusface In Indusface
Overview: Picture this: Your website included a 3rdparty component (such as a WordPress plug-in), and hackers used that as a backdoor to infiltrate your systems, which were secure on their own. This is a supply chain attack. Pollyfillio attack is a recent example of this where 100,000 websites were impacted last month. In this webinar, Vivekanand Gopalan (VP of Products - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) discuss strategy and tactics to protect your applications from supply chain attacks.
View Video
indusface

Formjacking Attacks - How They Work and How to Prevent Them

Aug 26, 2024 By Vinugayathri Chinnasamy In Indusface
Formjacking is a cyberattack where attackers inject malicious JavaScript code into webpages containing form fields, usually on login pages or payment forms. The objective is to steal sensitive information, such as credit card details, passwords, and other personal data, directly from users as they enter it into the compromised forms. Formjacking attack occurs entirely on the client side—within the user’s browser—making it particularly challenging to detect.
Read Post
indusface

Magecart Attack - Techniques, Examples & Preventions

Aug 23, 2024 By Vinugayathri Chinnasamy In Indusface
Magecart attacks are a form of digital skimming that targets insecure websites to steal payment information. These attacks involve injecting malicious JavaScript code into e-commerce websites to steal sensitive information such as credit card details during the checkout process. The term “Magecart” originates from the attackers’ initial focus on Magento, a popular e-commerce platform, though their methods have since expanded to target various other platforms.
Read Post
indusface

8 Types of Cyberattacks a WAF is Designed to Stop

Aug 22, 2024 By Venkatesh Sundar In Indusface
A Web Application Firewall (WAF) is your first line of defense against internet traffic that can be both legitimate and malicious. It helps protect your web applications, websites, and servers from various cyber-attacks by filtering out harmful traffic. WAF (WAAP) is essential for web security as it quickly identifies and addresses vulnerabilities in applications and servers.
Read Post
indusface

CVE-2024-38856 -Apache OFBiz Pre-Auth RCE Vulnerability

Aug 14, 2024 By Pavan Bushan Reddy In Indusface
A new zero-day vulnerability, CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) platform, presenting a critical threat to businesses worldwide. This pre-authentication remote code execution (RCE) flaw allows unauthenticated attackers to exploit weaknesses in OFBiz’s request handling, leading to unauthorized access and potentially damaging control over affected systems.
Read Post
indusface

CVE-2024-4879 & CVE-2024-5217 Exposed - The Risks of RCE in ServiceNow

Aug 1, 2024 By Mohammed Ansari In Indusface
Recent critical vulnerabilities in ServiceNow, a widely used cloud platform, have put numerous organizations at risk of data breaches. Threat actors are exploiting these input validation flaws, enabling remote code execution and unauthorized access. Despite recent fixes, government agencies, data centers, and private firms remain targeted. This blog highlights how these flaws are exploited for data theft and outlines security measures to mitigate these risks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.