%term

NetSPI Finds a Power Platform Vulnerability. 4 Things to Do About It

Apr 2, 2023 By Andrew Silberman In Zenity

Recent research from penetration testing company NetSPI found that Azure on-premises data gateways allow Power Platform and Power BI to access customer resources and databases. Threat researchers found that these gateways can communicate with Power Platform through an Azure service called Azure Relay (previously known as Azure Service Bus).

Read Post

Zenity

Read more about NetSPI Finds a Power Platform Vulnerability. 4 Things to Do About It

A First Look at the Updated OWASP API Security Top 10

Apr 1, 2023 By Yaniv Balmas, VP of Security Research In Salt Security

As the pioneer in API security, Salt Security worked closely with the Open Web Application Security Project (OWASP) to help identify, define, and educate the security community about API security threats. In fact, Salt was a key contributor to the original OWASP API Security Top 10 list, released in 2019. The OWASP API Security Top 10 list has had a tremendous impact on the industry, increasing awareness and educating organizations on the fastest-growing API security threats. Given the significance of this list, Salt has been actively involved in the foundation's updated 2023 mapping. We are thrilled to see the publication of the initial release candidate.

Read Post

Salt Security

Read more about A First Look at the Updated OWASP API Security Top 10

The Snyk Perpetual Key Rotation Machine

Apr 1, 2023 By Megan Moore In Snyk

At Snyk, we think of developers as citizens of a special community. In that community, your collection of apps is your neighborhood — and your code is your home base; your house. How do you secure a house? With a lock! And how do you make sure no one else can unlock that lock? You keep the key! That’s security ideation at its finest: keys. Just ask Vinz Clortho, Keymaster of Gozer.

Read Post

Snyk

Read more about The Snyk Perpetual Key Rotation Machine

Creating Trust in an Insecure World: Strategies for Cybersecurity Leaders in the Age of Increasing Vulnerabilities

Mar 30, 2023 By Noah Stone In BitSight

Vulnerabilities are on the rise, and it's not just the number that's growing; the severity of these vulnerabilities is also increasing. Cybercriminals are taking advantage of these vulnerabilities to launch sophisticated attacks, leading to data breaches, ransomware, and other devastating cyber incidents.

Read Post

BitSight

Read more about Creating Trust in an Insecure World: Strategies for Cybersecurity Leaders in the Age of Increasing Vulnerabilities

AWS in 30 recap

Mar 29, 2023 By Erin Cullen In Snyk

Last month, Lead Partner Solutions Architect, David Schott, presented a demo on how Snyk works alongside Amazon Web Services (AWS) to identify vulnerabilities at every level of development and infrastructure. David covered why agile development in the cloud requires a different security approach than simply using the IT security methods of the past. Then, he showed a real-time example of how Snyk’s AWS cloud security tools can find and mitigate common vulnerabilities.

Read Post

Snyk

Read more about AWS in 30 recap

Tanium #sbom finds vulnerable components like #log4j buried in apps #cybersecurity #short

Mar 29, 2023 By Tanium In Tanium

View Video

Tanium

Read more about Tanium #sbom finds vulnerable components like #log4j buried in apps #cybersecurity #short

Code Intelligence Uncovers Expression Denial of Service Vulnerability in Spring - CVE-2023-20861

Mar 28, 2023 By Code Intelligence In Code Intelligence

Affected applications are at a higher risk of severe availability issues.

Read Post

Code Intelligence

Read more about Code Intelligence Uncovers Expression Denial of Service Vulnerability in Spring - CVE-2023-20861

Traffers and the growing threat against credentials

Mar 28, 2023 By Beatriz Pimenta and Jacobo Blancas In Outpost 24

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organizations to evaluate their security measures against these evolving threats. In recent years, the theft of credentials has evolved into a highly professionalized cybercriminal activity.

Read Post

Outpost 24

Read more about Traffers and the growing threat against credentials

Avoiding mass assignment vulnerabilities in Node.js

Mar 28, 2023 By Benson Kuria Macharia In Snyk

Mass assignment is a vulnerability that allows attackers to exploit predictable record patterns and invoke illegal actions. Mass assignment usually occurs when properties are not filtered when binding client-provided data-to-data models. Vulnerabilities of this type allow an attacker to create additional objects in POST request payloads, allowing them to modify properties that should be immutable.

Read Post

Snyk

Read more about Avoiding mass assignment vulnerabilities in Node.js

27 Most Notorious Hacks in History that Fall Under OWASP Top 10

Mar 28, 2023 By Venkatesh Sundar In Indusface

Hacks and data leaks have affected many major players in recent years, including AT&T Vendor(9 Million accounts), T-Mobile (37 Million accounts), JD Sports(10 Million), MyDeal (2.2Million), Dropbox (nearly 69 million accounts), Flagstar bank (1.5 Million) and eBay (145 million). Those were bad. But not the worst. What are the most notorious hacks in history? They’re subject to debate, but these 27 attacks categorized under OWASP Top 10 would be strong candidates for the title.

Read Post