OWASP TOP 10: Insufficient Logging and Monitoring
Insufficient Logging and Monitoring is one of the categories on OWASP’s Top 10 list and covers the lack of best practices that should be in…
Digital transformation has proven that every business is now a software business. In fact, using digital technology to create new business methods, ideas, and experiences…
Update: Broken Access Control is proposed to be number one on the new OWASP Top 10 list of 2021. The group found that 94% of…
Zendesk, Inc. (NYSE: ZEN) is one of the fastest-growing customer support platforms in the world. With over 150,000 customer accounts representing nearly every industry across…
On Wednesday, an ex-Uber CSO was found guilty of federal charges related to payments he secretly approved to hackers who broke into the ride-hailing company…
Update: The new OWASP Top 10 of 2021 has been proposed, and the new list has moved XXE into the Security Misconfigurations group and ranks…
Twitter disclosed that a ‘security incident’ caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle. Twitter Circle is…
A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules. The PaperCut vulnerability, tracked as CVE-2023-27350, is…
Starting this Friday, June 19th will become HackerOne’s annual Day for Action. For Black Americans and communities of color around the globe, Juneteenth is a…
Patchstack security researchers recently warned that ‘Advanced Custom Fields’ and ‘Advanced Custom Fields Pro’ WordPress plugins are at risk of cross-site scripting attacks (XSS). These…
On March 28th, Drupal released a security update that fixes a critical remote code execution vulnerability nicknamed Drupalgeddon 2.0. Detectify scans your site for this…
In December 2020, security giant Mandiant revealed it had been hacked. Its disclosure was the first public sign of the SolarWinds hack, a Russian-orchestrated supply chain…