Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity.

On July 14, 2021, WooCommerce issued an emergency patch for a critical vulnerability allowing an unauthenticated attacker to access arbitrary data in an online store’s database. WooCommerce is one of the most popular e-commerce platforms in the world and is installed on over five million websites. Additionally, the WooCommerce Blocks feature plugin, which is installed on more than 200,000 sites, was affected by the vulnerability and was patched at the same time.

Technology has shaped the world magnificently and has become a driving force for businesses and organisations. From academia to big enterprises, everyone is enjoying the perks of technological advancement in the form of applications, IoT devices, online shopping and businesses, portals, etc. including amateur to non-technical people, everyone now utilises some form of a networked-enabled communication system such as email, social media, etc.

The internet of things (IoT) is a highly developed space that is home to a vast amount of sensitive data, making it a very attractive target for cybercriminals. Threats and risks continue to evolve as hackers come up with new ways to breach unsecured systems -- posing a threat to the ecosystem itself. Let’s take a look at the leading threats and risks to the IoT and the associated vulnerabilities that must be secured.

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.

Vulnerability scan reports are requested from a wide variety of people or entities for many different reasons. Historically a report meant a static snapshot of the scan data. Some company stakeholders may want an executive overview of the current vulnerabilities present in their environment. In contrast, others may want additional data points such as trending to reflect how well they have made progress in remediating previous vulnerability scans detected.

As insurance organizations look to attract and engage customers, the growing use of web applications has increased their cyber exposure and the risks of cyberattacks. In this benchmark study, we analyzed the attack surface of the top 10 insurers in Europe to highlight the common attack vectors and security weaknesses that could be exploited – from page creation method to vulnerable components – and our top tips for reducing web application security risks.