Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri…

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati…

Data Security: Defending Against the Cache Poisoning Vulnerability

Do you trust your cache? To meet the demands of the end-users and speed up content delivery, content caching by web servers and content delivery networks (CDN) has become a vital part of the modern web. To explain how this can create vulnerabilities when it comes to data security requires first asking another question. Namely, […]

The post Data Security: Defending Against the Cache Poisoning Vulnerability appeared first on Security Intelligence.


Blocked DDoS events up 75% in the first nine months of 2021

Radware has published results from its report which provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning trends. “More DDoS attacks were blocked during the first nine months of 2021 than a…

Organizations making security trade-offs in the push to innovate

The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A market study released by Invicti Security examines how companies are contending wi…

OWASP Top 10 2021: The most serious web application security risks

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bo…

How to configure BurpelFish

I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds a Google Translate context option to your BurpSuite’s right click. When …

Application security tools ineffective against new and growing threats

A study by Fastly and ESG, based on insights from information security and IT professionals representing hundreds of organizations globally, revealed growing concerns around adequately securing the rapidly rising number of mission-critical cloud servic…

Why Should You Audit Your Website for Security?

Just a cursory look at the cybersecurity statistics will show that data breaches are sky-rocketing year on year. Even organizations that have made investments in website security and follow all.

Gaining Insights Is Fundamental for API Security

As enterprises continue their digital transformation journey in this Post-COVID era, applications are the engine that drives their business growth. Whether it’s a digital-first enterprise or one that is accelerating its digital transformation initiativ…