In cybersecurity, the things to consider are endless. Before we get ahead of ourselves, let’s make sure we fully understand three fundamental concepts of security: In this article, we’ll look at these security concepts in depth and hear from industry experts. (For the latest and greatest in all things security, check out the Splunk Security Blog & these Cybersecurity and InfoSec Events & Conferences.)
Meet Shathak – a threat group tied to malware used in the Russian-speaking underground targeting enterprises across different sectors in the Americas, Europe and Asia
In the middle of March 2022, Zenity research team discovered a sandbox-escape vulnerability in Code by Zapier, a service used by Zapier to execute custom code as part of a Zap. Exploiting this vulnerability, any user could take full control over the execution environment of their entire account allowing them to manipulate results and steal sensitive data. For example, a Zapier user could take control over the admin’s custom code execution environment.
On 28th of August fortbridge.co.uk reported a vulnerability in csurf middleware – expressjs supporting library that enables CSRF protection in expressjs. As of 13th of September csurf library has been deprecated with no plans to fix the vulnerabilities. There is no viable alternative for csurf middleware now.
Security and compliance has a major role in every organization. Businesses are nothing without the trust and loyalty of their customers, and for many companies — from early-stage startups to multinational corporations — winning that trust starts by demonstrating that you have the correct security controls in place. Internationally-recognized compliance standards, such as ISO 27001, PCI-DSS, and SOC 2, make up the industry-standard goals that most businesses and organizations pursue.
September 14, 2022: Check out our new and improved cheat sheet for containerizing Node.js web applications with Docker! Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! The following article provides production-grade guidelines for building optimized and secure Node.js Docker images. You’ll find it helpful regardless of the Node.js application you aim to build.
SMTP Injection vulnerabilities are often misunderstood by developers and security professionals, and missed by static analysis products. This blog will discuss how common SMTP Injection vulnerabilities can exist in libraries and applications, and provide tips for finding and remediating them quickly.
