What’s hiding in the shadows? It’s a well understood reality that unmanaged IT assets tend to be unmonitored IT assets, and that both introduce risk. Whether it’s a forgotten about application, or an unmanaged cloud storage volume, you can’t protect what you don’t know about. Attackers thrive on this fact, and specifically seek out such assets as points of entry. This is why it’s included in the OWASP APIsec Top-10 in the Improper Assets Management…
ImageMagick is a popular open-source image manipulation library used by many websites and software applications to process and display images. A couple of vulnerabilities have recently been discovered in ImageMagick by MetabaseQ. Two vulnerabilities CVE-2022-44267 and CVE-2022-44268 allow attackers to arbitrarily read files and cause DoS on the affected system. The payload to exploit this vulnerability is simple, which makes it easier for attackers to take advantage of the vulnerability. Example of first exploitation payload…
JSON Web Tokens (JWTs for short) are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re used to authenticate users and securely transmit secrets as part of an API, application, or service. They can contain claims that help prove to other parties that a particular person, user, or device belongs to the verified entity identified by the token.…
For tech innovators and security experts, what OWASP Top-10 says or predicts is much attention-worthy as this globally recognized document guide about the hidden and damage-causing security threats. As the year 2022 has begun, the people willing to learn about the latest security trends and worrisome threats must emphasize on the API security OWASP Top 10 2022. We have done the hard work for this. Read this article and figure out which cyber threats, as…
Quick update There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell (very severe, exploited in the wild no CVE yet) and another one in Spring Cloud Function (less severe, CVE-2022-22963) Wallarm has rolled out the update to detect and mitigate both vulnerabilities No additional actions are required from the customers when using Wallarm in blocking mode When working in a monitoring mode, consider creating a virtual patch Spring4Shell Spring Framework is…
What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering, data breaches and sometimes even system testing. Due to the sophistication of these activities, tools have been developed to facilitate DDOS attacks for pen testers. Although, it is kind of two…
Subscribe for the latest news
Subscribe