CSRF Vulnerability in NSA’s SkillTree Training Platform Discovered by Contrast IAST | Contrast Security

Contrast Security Assess — Contrast’s Interactive Application Security Testing (IAST) Application Security (AppSec) technology — has uncovered a vulnerability in a training platform called SkillTree that’s maintained on GitHub by the National ...

Avoiding Social Engineering Attacks to Prevent Financial Fraud

Social engineering attacks are a cybersecurity threat. These attacks, which involve manipulating individuals into divulging confidential information, have been on the rise and pose a substantial risk to businesses, particularly for financial ...

IoT Vulnerabilities and BotNet Infections: What Executives Need to Know

The Internet of Things (IoT) has revolutionized the way we interact with technology. From smart homes to connected cars, IoT devices have permeated every aspect of our lives. However, the proliferation of ...

Smashing Silos With a Vulnerability Operations Center (VOC)

VOC enables teams to address the vulnerabilities that present the greatest risk to their specific attack surface before they can be exploited ...
Security Boulevard

New Open SSH Vulnerability

It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a ...

Latest OpenSSH Vulnerability Might Impact 14M Linux Systems

Qualys this week reported the discovery of a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH servers (sshd) that could potentially impact more than 14 million Linux systems ...
Security Boulevard
Strategies to accelerate dependency management for modern enterprise software development

Contrary to common belief, security and productivity are not necessarily at odds in modern software development ...
Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised ...
Exploit creator selling 250+ reserved npm packages on Telegram

Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web ...
Cybersecurity Insights with Contrast CISO David Lindner | 6/21/24

Insight #1 It’s easy to get distracted by listicles about the hottest IT security certifications that will boost your pay. But while IT security certifications can be a valuable asset, they shouldn't ...