Categories
Uncategorized

Cracking the Code to a Successful Remediation Plan

Creating a remediation plan can be tricky. In fact, customers often tell us that it's much easier to create a plan to help developers scan applications quickly and easily than it is to establish remediation goals. But if vulnerabilities aren't remediated right away, there's a higher chance that they will never be remediated. Our recent […]


Frequency, Speed, and Accuracy Are a Match Made in AppSec Heaven

"Make it work, make it right, make it fast." These words from renowned software engineer Kent Beck will always ring true for developers, especially with the pace of development picking up, not slowing down. A GitLab survey from last year showed nearly half (43 percent) of respondents deploy software on-demand or multiple times per day […]


Cyberthreats During the Pandemic Are on the Rise

With the sudden shift to digital that many businesses are facing in response to the pandemic, preventing cyberattacks is more important than ever. According to the FBI, attacks related to COVID-19 have increased 400 percent in recent months. And with data from Gartner showing that 74 percent of companies expect to maintain some level of […]


Verizon Data Breach Investigations Report Finds an Increase in Web Application Breaches

Verizon recently published its 2020 Data Breach Investigations Report (DBIR), which analyzed 32,002 security incidents in 16 different industries and four different world regions. Similar to last year's findings, the majority of breaches (86 percent) are financially motivated, and most (70 percent) are caused by outsiders. Credential theft, social attacks (i.e., […]


Realigning Priorities and Building a Bridge Between Security and Development

It's a common conundrum for application security (AppSec) teams: how can developers and security professionals work together to release software faster? It takes a working relationship, good communication, and the right tools, which most teams don't have. Even more discouraging, stigmas follow both teams around the office; developers often worry that security is there to slow […]


Announcing Our State of Software Security: Open Source Edition Report

Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible […]


Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the details involving the URI and Shodan scan parameters. We made the necessary changes in this post. We would like to thank F5 Networks for reaching out to us to clarify these details. With additional insights […]


Ensiko: A Webshell With Ransomware Capabilities

By Aliakbar Zahravi. Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell […]


Updates on ThiefQuest, the Quickly-Evolving macOS Malware

By Steven Du, Gabrielle Mabutas, and Luis Magisa. Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest), a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. It has been found in pirated versions of macOS shared on popular […]


Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws

There has been a common vulnerabilities and exposures (CVE) fixing trend in 2020 Patch Tuesdays. For instance, Microsoft has patched more than 100 vulnerabilities per month in recent bulletins. Similarly, the July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine. The patches address 18 […]