Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

RCE Zero Day Vulnerabilities in CUPS Put Linux Systems at Risk

Oct 1, 2024 By Vivek Chanchal In Indusface
A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.
Read Post
indusface

How do Compliance Regulations Drive Application Security?

Sep 27, 2024 By Vinugayathri Chinnasamy In Indusface
A zero-day flaw in MOVEit software exposed the data of 66.4 million individuals, revealing businesses are increasingly vulnerable to cyberattacks. Applications, which manage sensitive data, are prime targets for these threats. Compliance regulations recognize the risks and establish guidelines aimed at ensuring applications meet data protection, privacy, and overall security. PCI DSS v4.0 for example introduces 64 new requirements including strict security measures to protect public-facing applications.
Read Post

17 Best Cloud WAAP & WAF Software in 2024

Sep 26, 2024 By Indusface In Indusface
WAAP encompasses a comprehensive suite of tools, technologies, and practices that detect, prevent, and mitigate attacks, such as cross-site scripting (XSS), SQL injection, and API abuse. By implementing a robust WAAP, organizations can fortify their applications and APIs, safeguard sensitive data, and uphold the trust of their users in an ever-evolving threat landscape. Examine the functionality and effectiveness of the leading WAAP & WAF software, along with their key features, reviews, ratings, and insights into who they are best suited for.
View Video
indusface

CVE-2024-8190 - OS Command Injection in Ivanti CSA

Sep 24, 2024 By Pavithra Hanchagaiah In Indusface
A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.
Read Post
indusface

Top 8 Vulnerability Management Challenges and How to Overcome Them

Sep 13, 2024 By Vinugayathri Chinnasamy In Indusface
The State of Application Security report shows that over 2.37 billion attacks were blocked on AppTrana WAAP from April 1, 2024, to June 30, 2024. Attacks targeting vulnerabilities surged by 1,200% in Q2 2024 compared to last year, an alarming fact. This sharp rise highlights that vulnerabilities are the prime target. Moreover, they are now easily exploitable thanks to readily available scripts on known vulnerabilities. This could be because of rapid adoption of AI and LLM models even among hackers.
Read Post
indusface

CVE-2024-8517 - Unauthenticated Remote Code Execution in SPIP

Sep 13, 2024 By Pavithra Hanchagaiah In Indusface
A critical security flaw has been discovered in SPIP, a popular open-source content management system (CMS). This flaw, identified as CVE-2024-8517, stems from a command injection issue in the BigUp plugin. The vulnerability allows attackers to execute arbitrary OS commands remotely and without authentication, simply by sending a malicious multipart file upload HTTP request. This blog will explore the details of this vulnerability, its potential impacts, and the essential steps for mitigation.
Read Post
indusface

Understanding OWASP Top 10 Client-Side Risks

Aug 30, 2024 By Vinugayathri Chinnasamy In Indusface
Websites rely heavily on client-side code to deliver interactive user experiences. Unlike server-side code, which is protected within an organization’s infrastructure, client-side code runs in the user’s browser and is exposed to various risks such as data theft and JS injection. Recognizing the unique challenges of securing client-side code, OWASP has created a dedicated Top 10 list for client-side security risks.
Read Post
indusface

How Frequently Should We Run a Vulnerability Scan?

Aug 30, 2024 By Vinugayathri Chinnasamy In Indusface
All it takes is a single unpatched vulnerability to breach security and gain access to a company’s mission-critical assets. Effective vulnerability management is essential for strong cybersecurity. Vulnerability scans play a key role in this process, offering a clear view of the entire IT infrastructure and identifying existing vulnerabilities. How many times should we run scans? Are we scanning often enough? These are the questions we often get.
Read Post

Supply Chain Attack Fundamentals

Aug 29, 2024 By Indusface In Indusface
Overview: Picture this: Your website included a 3rdparty component (such as a WordPress plug-in), and hackers used that as a backdoor to infiltrate your systems, which were secure on their own. This is a supply chain attack. Pollyfillio attack is a recent example of this where 100,000 websites were impacted last month. In this webinar, Vivekanand Gopalan (VP of Products - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) discuss strategy and tactics to protect your applications from supply chain attacks.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.