Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


SEC Allegations: SolarWinds CISO Aware of Cyber Risks Who Should Fix Vulnerabilities? #podcast

Welcome to our latest video where we unpack the recent SEC allegations surrounding SolarWinds CISO's awareness of cybersecurity risks and vulnerabilities. The SEC claims that despite this awareness, the issues were not adequately addressed. Join us as we delve into the critical question: Is the CISO now responsible for fixing vulnerabilities?

How Malicious Insiders Use Known Vulnerabilities Against Their Organizations

We are well aware of the devastating effect insiders can have when using their legitimate access and knowledge to target their own organization. These incidents can result in significant monetary and reputational damages. Entities small and large, across all sectors, can fall victim to insider threats.


Atlassian Releases Four Critical Patches to Prevent RCE

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. In late October 2023, Atlassian issued a warning about a critical security flaw, CVE-2023-22518 (CVSS score 9.1), impacting all versions of Confluence Data Center and Server. This improper authorization issue poses a significant risk of data loss if exploited by an unauthenticated attacker.

Arctic Wolf

CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522: Four Critical RCE Vulnerabilities Impacting Multiple Atlassian Products

On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.

Arctic Wolf

CVE-2023-49103, CVE-2023-49104, and CVE-2023-49105: Multiple Critical Vulnerabilities in ownCloud

On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103 (CVSS: 10). The vulnerability is within the “graphapi” extension and is due to a library it relies on. The library provides a URL that when accessed discloses configuration details regarding the PHP environment including environment variables.


State of Log4j Vulnerabilities: How Much Did Log4Shell Change?

December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.


Critical OWASP Mobile Top 10 2023 Vulnerabilities [+Mobile App Pen-testing Checklists]

Get Android & iOS App Penetration Testing Checklists with OWASP Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.


Adobe ColdFusion Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-339A)

On December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that confirmed the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency by unknown threat actors. Exploiting this vulnerability allowed threat actors to gain access to the FCEB agency network on two separate occasions in June 2023.

outpost 24

Request smuggling and HTTP/2 downgrading: exploit walkthrough

During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help from my colleague Thomas Stacey, we were able to construct an exploit chain with response queue desynchronization along with traditional HTTP/1.1 request smuggling techniques.


Code injection in Python: examples and prevention

As software becomes increasingly integral to our professional and personal lives, the need to protect information and systems from malicious attacks grows proportionately. One of the critical threats that Python developers must grapple with is the risk of code injection, a sophisticated and often devastating form of cyberattack.