On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the initial patch from September did not fully resolve the issue. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to RCE.

This is a continuation of the series on web application security. If you haven't already read through part 1, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: how do browsers know which site set the cookies in the first place? And what constitutes the same site?

Security testing aims to find vulnerabilities and security weaknesses in the software/ application. By subjecting the software or application to controlled security scenarios, cyber security testing ensures that the system is adequately prepared to withstand attacks and unforeseen failures. Security experts and testers use different types of security testing to identify potential threats, measure the probability of exploitation of vulnerabilities, and gauge the overall risks facing the software/ app.

Imagine you’re all prepared to roll out your latest feature, and suddenly, right before launch, you discover a security vulnerability concealed in your code. Depending on the severity, developers can spend anywhere from 7 hours to days or even months finding and fixing these vulnerabilities. A critical vulnerability could set your release back by weeks, while a simple fix might take a day.

Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In this blog, we will showcase the different spam techniques used in these phishing emails.

Deploying large language models (LLMs) securely and accurately is crucial in today’s AI deployment landscape. As generative AI technologies evolve, ensuring their safe use is more important than ever. LLM guardrails are essential mechanisms designed to maintain the safety, accuracy, and ethical integrity of these models. They prevent issues like misinformation, bias, and unintended outputs.