An Oxymoron : Static Analysis of a Dynamic Language (Part 2)

From client-side JavaScript to server-side Node.js
Now that you have reached here after reading the prior post, let's switch contexts and examine the server-side JavaScript…

An Oxymoron : Static Analysis of a Dynamic Language (Part 1)

What are the characteristics of a Dynamic Language (JavaScript)?
Benjamin Pierce classifies programming languages along two axes:
whether they are safe or unsafe and whether th…

VMware vCenter takeover via vCloud Director (CVE-2020–3956 filed by Citadelo on June 1st, 2020)

Security researchers at Citadelo revealed an EL (Expression Language) based injection vulnerability that enabled an authenticated actor to send a malicious payload (via API calls or an intercepted web request) that led to privilege escalation…

How GitOps Raises the Stakes for Application Security

The rise of GitOps comes from the industry’s increased adoption of Kubernetes. As organizations and teams shift towards Kubernetes, scaling their cluster management practices becomes imperative as teams and workloads grow in size. This is where G…

Patch your Tomcat and JBoss instances to protect from GhostCat vulnerability (CVE-2020–1938 and CNVD-2020–10487)
Credits: https://www.chaitin.cn/
Identified as “GhostCat” and tracked as CVE-2020–1938 / CNVD-2020–…

Evolving Threat series — Mining patterns to assess Insider Attacks (Part 3)

In the previous post we examined a few of the published insider attacks over the current decade. In this post we attempt to mine, extract and classify patt…

Evolving Threat series — Insider Attacks case studies (Part 2)

In the last post we touched on the formal definition of, and risks associated with, insider threats.
In this post we will examine the top X insider threats that were repo…

Evolving Threat series— Understanding Insider Attacks (Part 1)

The majority of security solutions focus on externally triggered unauthorized and illegitimate access to systems and information. Unfortunately, the most damaging malicious activity is the result of internal misuse within an organization, perhaps since far…

Evolving Threat series — Bug bounties and the Cobra Effect

Have you ever tried to fix your cybersecurity posture, only to make things worse?
That’s called the Cobra Effect — when a well-intentioned s…

Evolving Threat series — Infiltrating Python’s Software Supply Chain

ZDNet published this interesting post 2 days ago titled “Two malicious Python libraries caught stealing SSH and GPG keys”, which sets the stage to…