Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What happened with a fake call purporting to be from Amazon tricked a financial advice columnist into handing over $50,000 to a stranger.

Server-side request forgery (SSRF) is a common vulnerability that can crop up unknowingly in any Node.js application. It poses a significant threat because attackers can manipulate a server into making unintended requests to both internal and external resources. This article will explore SSRF, its potential risks, and the strategies to mitigate SSRF in Node.js applications.

Welcome, fellow travelers of the Cosmos! While we may not be traversing the stars on a spaceship, we are all interconnected through the powerful network of blockchains. Unfortunately, just like any technology, vulnerabilities can be discovered and exploited. In this post, we’ll present a critical vulnerability in a Cosmos-SDK blockchain that is explicitly related to the Inter-Blockchain Communication Protocol (IBC).

Trust is a vital part of any growing business. A part of earning and keeping the trust of your customers is implementing the right security measures to protect their data and your systems from any breaches that could impact them. ‍ By aligning with industry-vetted security frameworks, you’ll be able to build a strong security posture that protects your systems and earns customer trust. There are many security frameworks that could be applied to your infrastructure.

Varonis researchers have recently disclosed that several government agencies and private-sector companies had customized or added features to their Salesforce Apex code that leaked data, allowed data corruption, or allowed an attacker to disrupt business functions. Impacted data included the usual suspects like phone numbers, addresses, social security numbers, and username/password combinations.

The main difference between passwordless authentication and Multi-Factor Authentication (MFA) is that passwordless authentication completely removes the use of passwords, whereas MFA is used in conjunction with passwords. There are also differences in a user’s login experience when using passwordless authentication versus MFA, deploying each of them and their cost. Continue reading to learn more about the differences between passwordless authentication and MFA.

On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorized as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild.

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities do not have CVE numbers assigned to them. ConnectWise has stated that the vulnerabilities have the potential to result in remote code execution (RCE). Vulnerability #1 (CVSS: 10): Allows a threat actor to achieve authentication bypass by leveraging an alternate path/channel.