By their very nature, web applications are constantly exposed to a wide range of attacks by cybercriminals, which is why web applications are a part of 26% of all breaches. Attackers continuously scan these exposed applications for known vulnerabilities, gathering intelligence to stage an attack. Once they have a significant collection of possible targets for […]
Imagine you have to check for danger on the other side of an impassable mountain you cannot walk around. What would you do? A low-tech solution would be to tunnel through and have a look. Swing by swing with a pickaxe to break the stone, and then shovel by shovel to haul the broken rock […]
Regardless of how diligent a development team is or how many security checks they run in their development environments, vulnerabilities will creep into production systems — and the very complex and ever-evolving nature of today’s production environments requires modern application security testing capabilities. The software security and quality challenge affects everyone. And without secure software, […]
Organizations spend a significant amount of time on security alerts that turn out to be false alarms. Research indicates that nearly 20% of alerts are not genuine, leading to wasted time on investigations instead of focusing on proactive security measures to enhance overall security. This is partly due to the fact that 59% of security […]
The NIST cybersecurity framework has been a go-to resource for defining cybersecurity strategies, policies, and activities ever since version 1.0 was published back in 2014. Originally intended specifically for US companies operating critical infrastructure, it soon gained popularity across all industries and is used by CISOs worldwide. February 2024 saw the launch of version 2.0 […]
What you need to know The xz-utils package in versions 5.6.0 and 5.6.1 includes a malicious backdoor that could, in specific circumstances and configurations, allow remote access to SSH sessions for remote code execution (RCE) on selected Linux systems. As a precaution, all Linux users are advised to ensure their xz-utils version is earlier […]
Focused on detection and response, security leaders might not think of DAST tools as an essential component of their AppSec toolbox. All too often, external vulnerability scanning is only performed during periodic third-party tests, giving you snapshots of your security posture that can be months out of date. What if you could run your own […]
In the first two installments of this blog series (Part 1 and Part 2), we explored some high-level concepts related to browser extensions and their security implications and then how we went about analyzing them. In this third blog we explore some of our findings and general recommendations on whether or not you should click […]
Recently, the cybersecurity world has been abuzz with discussions about Phemedrone, a newly emerged stealer exploiting the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen. The project was most recently available on GitHub; however, the project was taken down, and the associated account was removed. Active development still occurs via Telegram. Phemedrone distinguishes itself as a […]
Searching for bad actors within your organization can be challenging, like trying to find a needle in a haystack. To uncover these bad actors, we can utilize anomaly detection using the Splunk Platform (specifically Splunk Cloud Platform or Splunk Enterprise). By leveraging lookups, averages, and standard deviations, we can create behavior profiles and accurately identify […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
