Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s time to recognize official security vulnerability catalog systems aren’t enough. There are too many gaps in the named security vulnerability process. And plenty of vulnerabilities do not receive the attention they deserve. Some vendors silently patch issues while others leave vulnerabilities in a reserved state. There is not one source of information that contains every vulnerability being exploited. The result?

Get Android & iOS App Penetration Testing Checklists with OWASP Mobile Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.

Web applications serve as the backbone of business operations, and the rise in cyber threats has put a spotlight on vulnerabilities that can compromise the integrity and confidentiality of web applications. But where to start? Security frameworks can help security and development teams understand the top risks and how to harden their applications against them, while guiding technical professionals on how to protect their applications against attacks.

In today's digital and interconnected era, the healthcare sector operates in a landscape of security risks. In 2023 alone, the number of vulnerabilities uncovered in medical devices jumped by 59% to 993 issues. Consequently, the U.S. Food and Drug Administration (FDA), the European Commission, and other governmental agencies have issued cybersecurity guidelines for medical devices. Many of these guidelines advocate for fuzz testing as a means of vulnerability detection.

This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.

Using our own proprietary External Attack Surface Management (EASM) solution, Outpost24’s Sweepatic, we have conducted an attack surface analysis on the Paris 2024 Olympic Games online infrastructure. The Paris 2024 cybersecurity team have done plenty right, but we’ve also highlighted some real-life attack surface risks that have slipped through the gaps (and do so for many organizations) including open ports, SSL misconfigurations, cookie consent violations, and domain squatting.