Attackers are always on the lookout to compromise digital identities. A successful account takeover allows a cybercriminal to impersonate a genuine user for monetization purposes. Enterprises large and small have utilized various means to secure someone’s digital identity, and credentials are the starting point. F5 Labs 2021 Credential Stuffing Report indicates that 1.8 billion credential…
Read MoreAPIs Power Applications—and Pose Security Challenges Application programming interfaces (APIs) form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications (like Google Maps in a rideshare app or YouTube videos into a webpage) and they are everywhere—even in security products. APIs are key…
Read MoreFortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software. Update March 21: The Analysis section has been updated to include confirmation by Fortinet that in-the-wild exploitation of this flaw has been observed. View Change Log Background On March 12, Fortinet published an…
Read MoreAugust Port Scan Data F5 Labs also analyzes data for TCP ports other than 80 and 443 from the Efflux network. The top 10 ports for August 2022 follow patterns we’ve been seeing for years, with port 5900 (VNC) topping the list, followed by a collection of ports used mainly for remote access (ssh, telnet,…
Read MoreIf we think about vulnerabilities in this way, as a matter of action signaling, then malicious actors are, in their own malicious way, members of our audience. Applications are engineered to function, but they are designed to signal. The specific ways we design apps tell our audience how we expect them to act. When we…
Read MoreThe title of this report is not a typo. “The State of the State of Application Exploits in Security Incidents” is a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, “the state of the state of.” This report is both an attempt to stitch together…
Read MoreApply appropriate patches and workarounds provided by Atlassian to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o Safeguard…
Read More‘We’re not trying to do everything and be a jack of all trades. There’s so much growth and so much opportunity with ServiceNow now. And even in the past few years, when I wasn’t fully focused on ServiceNow, I lived in that world. Literally, I found that I kept turning my clients to ServiceNow,’ Astrica…
Read MoreThere are several interesting developments in this plot other than the emphasis on CVE-2018-13379, the vulnerability in the Fortinet SSL VPNs . After growing in prominence to second rank in June and occupying top spot in July and August, CVE-2020-8958 dropped in attack frequency in September to occupy the fourth spot. September was also the…
Read MoreHealthcare may be the first industry that springs to mind for many people when thinking about sectors that have had to suddenly, dramatically adjust due to the COVID-19 pandemic. But ask parents around the world, and they’ll likely say “education.” The traditional classroom was turned on its head in a matter of weeks, and some…
Read More