Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI version 4.0 was released in March 2022, and all organizations that must be compliant with the regulation have a deadline of March 31, 2024 to do so. So, what does the new version say about pen testing? According to Requirement 11 of the Payment Card Industry Data Security Standard (PCI DSS), pen testing is required for organizations and entities that store, process, and/or transmit cardholder data.

An application’s attack surface is the sum of points where it might be vulnerable to bad actors. It consists of all the paths in and out of the application. Identifying vulnerabilities is vital to mitigating threats because any access point is a potential entry point for an attack. An attack surface analysis, which is critical to this mitigation strategy, is the process of identifying and assessing the potential vulnerabilities and risks in a software system or network.

Deserialization is the process of converting data from a serialized format, such as JSON or binary, back into its original form. Swift provides multiple protocols allowing users to convert objects and values to and from property lists, JSON, and other flat binary representations. Deserialization can also introduce unsuspecting security vulnerabilities in a user’s codebase that attackers could exploit.

The discipline of vulnerability management has been around for decades and the way we assess risk, based on severity and likelihood of exploitation, has remained fairly constant. However, there are challenges in how this formula is usually applied that narrow our perspective on risk and our mitigation strategies.

A critical vulnerability in FortiGate SSL VPN could allow hackers to access vulnerable systems and inject malicious code, even if Multi-Factor Authentication (MFA) is enabled. To learn how to identify whether your Fortinet product is impacted and how to quickly secure it, read on. Learn how UpGuard simplifies Vendor Risk Management >

AI-related security risk manifests itself in more than one way. It can, for example, result from the usage of an AI-powered security solution that is based on an AI model that is either lacking in some way, or was deliberately compromised by a malicious actor. It can also result from usage of AI technology by a malicious actor to facilitate creation and exploitation of vulnerabilities.

Cross-site leaks (XS leaks) are a class of web security vulnerabilities that allow hackers to obtain sensitive information from a user’s browsing session on other websites or web apps. Modern web applications share data through various features and APIs — a function attackers can exploit to access this user data.

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access.