Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

GoTestWAF - Quick start with Docker and PDF report

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others.

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Nine IT shortcuts that could cost you millions

Finding savings and efficiencies is part of an IT leader’s role. But sacrificing security for the sake of convenience is almost always asking for trouble later down the line. There are IT security shortcuts that might be well-intentioned and seem sensible at the time, that could have serious and unintended negative consequences. We’ll run through nine common IT security shortcuts that can end up costing organizations millions.

How to use Vanta and AWS to manage vulnerabilities

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

OWASP Top 10 with OPA/Styra

Among other things, the OWASP organization delivers reports on the Top 10 most prevalent and important security risks for web-based software development. In 2019 they started reporting on the Top 10 API Security risks and refreshed that list in 2023. In this blog we describe how OPA/Styra can help with 9 of the 10 risks, and for each one we rate how impactful OPA/Styra is: Below we detail each of these 10 risks and briefly how to address them with OPA and Styra.

GitHub "besieged" by malware repositories and repo confusion: Why you'll be ok

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

Sysdig integration with Backstage

Developers are frequently tasked with working with multiple tools in the cloud-native era. Each of these tools plays a crucial role in the application life cycle, from development to deployment and operations. However, the sheer variety and diversity of these tools can increase the likelihood of errors or the accidental inclusion of critical vulnerabilities and misconfigurations.

OWASP Top 10 for LLM Applications - Critical Vulnerabilities and Risk Mitigation

GPT’s debut created a buzz, democratizing AI beyond tech circles. While its language expertise offers practical applications, security threats like malware and data leaks pose challenges. Organizations must carefully assess and balance the benefits against these security risks. Ensuring your safety while maximizing the benefits of Large Language Models(LLMs) like ChatGPT involves implementing practical actions and preparing for current and future security challenges.

JetBrains TeamCity Vulnerabilities (CVE-2024-27198 and CVE-2024-27199) Exploited

Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.