Breaking News

All important news about new attacks, together with the solutions we can offer you


SecOps Teams Wrestle with Manual Processes, HR Gaps

Read the original article here
Cyber Defense

Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester Consulting – with respondents painting a picture of major resource and technology gaps hamstringing their efforts to block cyberattacks.

Find out how C2C Professional Services can help you

Mozi: An IOT attack botnet

Cyber Defense

X-Force researchers Dave McMillen, Wi Gao, and Charles DeBeck have published their work on the Mozi botnet and how it has spiked lately in attacks on IoT devices.
First discovered in late 2019, Mozi shares code with Mirai and its variants and accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020.

Contact us for a test with Cymulate Breach and Attack Simulation

Drupal addressed XSS and information disclosure flaws

Read the original article here
Software Security

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS).

The most severe issue, tracked as CVE-2020-13668, is a critical reflected XSS issue affecting Drupal 8 and 9. Recall that Drupal rates severity with the NIST Common Misuse Scoring System; in that system "critical" is the second-highest level, just below "highly critical".

“An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.”

Test your CMS with our Nextgen DAST to discover if your website is vulnerable

Penetration risk report finds cloud service providers far more secure than enterprises

Read the original article here
Cyber Defense

The 2020 Penetration Risk Report also says cloud environments are most vulnerable to two types of attacks: security misconfigurations and cross-site scripting. This year's report also found that large enterprises are 46% more likely to experience a data breach than large cloud providers.

Please see the solutions we offer that will enable you to find and test your assets

Testing & Automation Pay Off for NSA's DevSecOps Project

Read the original article here
Software Security

Communication with stakeholders, extensive testing, and robust automation pay dividends for the military intelligence agency, one of several presenters at GitLab's virtual Commit conference.

Read more about our state of the art DAST and SAST solutions

'Next-Gen' Open Source Component Attacks Surge 430%

Read the original article here
Software Security

As commercial and enterprise software developers become more disciplined about keeping their open source software components updated to reduce the risk of software supply chain attacks, the bad guys are getting craftier: Researchers warn that they're over-running open source projects to turn them into malware distribution channels.

It used to be that attackers simply preyed on existing vulnerabilities within well-used open source components, with the understanding they could victimize the many organizations relying on outdated dependencies. Attackers are now more frequently getting proactive by infiltrating open source projects to seed them with compromised components that they can pounce on once they're downloaded and used by unsuspecting organizations.

Contact us for more information about Checkmarx SCA

Fuzzing Services Help Push Technology into DevOps Pipeline

Read the original article here
Software Security

As part of a continuous testing approach, fuzzing has evolved to provide in-depth code checks for unknown vulnerabilities before deployment.

As companies have shifted security left, putting more security checks into the development pipeline, fuzz testing, or "fuzzing," has largely remained outside the main software development lifecycle.
This year, that seems to have changed. DevOps lifecycle firm GitLab announced in June that it had acquired two companies, Peach Tech and Fuzzit, to bolster its own capabilities by providing continuous and periodic protocol fuzzing.

Read more about the Neuralegion NexGen Fuzzer