Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A Step-by-Step Guide to Preventing Javascript Injections

If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. A large number of professional developers (especially front-end developers) use JavaScript more often than any other programming language.

The New Ransomware Trend - Targeting SMBs

The ransomware landscape is evolving with increased competition among threat groups and the emergence of new ransomware operations. However, victim organizations and potential targets are strengthening their security measures and procedures to prepare for potential ransomware attacks. Our latest quarterly report for Q1 2024 shows a significant decrease in ransomware incidents, down to 1,048 cases, representing a 22% decline compared to Q4 2023.

New Vulnerability in R's Deserialization Discovered

Security researchers have identified a vulnerability, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. This flaw can be exploited when loading RDS (R Data Serialization) files or packages, which are commonly shared among developers and data scientists. An attacker can craft malicious RDS files or packages containing embedded arbitrary R code, triggering execution on the victim’s device upon interaction.

Emerging Security Issue: Palo Alto Networks GlobalProtect PAN-OS Software CVE-2024-3400

While Palo Alto Networks has not released patches for all affected versions, CyCognito has conducted active tests across all customer realms and 97.5% of CyCognito customers’ affected devices are no longer exploitable.

How AppSentinels aligns with Gartner API Security Recommendations

The Gartner research paper “What You Need to Do to Protect Your APIs” outlines key requirements for bolstering API security measures. In this blog post, we’ll delve deeper into these requirements as introduced by Gartner, explain their significance, and demonstrate how AppSentinels offers comprehensive solutions for each requirement. As per Gartner, the second step is to assess the security of these APIs.

Cloud Disaster Recovery: A Complete Overview

The cloud provides multiple benefits for running services and storing data. Just like with data stored on-premises, data stored offsite and in the cloud should be backed up. Data stored in the cloud is not invulnerable by default, as the risk of data loss is still present due to accidental deletions and cloud-specific threats. At the same time, the cloud can be useful for disaster recovery.

Fax vs. Secure File Transfer: A Guide to Choosing the Right Method

Amid rising concerns over cybersecurity due to recent significant breaches, a number of institutions have surprisingly resorted to the fax machine for transmitting confidential data. This move may appear unconventional in an age where email encryption has seen substantial improvements. It naturally raises the inquiry: does fax boast superior security compared to email?

Third-Party Risk Management Policy Template (Free)

Organizations commonly rely on third parties such as vendors, suppliers, and other business partners to handle critical operations. While third-party relationships can provide many benefits, they also introduce a range of risks that can threaten data security, compliance, and business continuity. Therefore, it's crucial to recognize and manage these risks with a robust Third-Party Risk Management policy.

How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. Wallarm currently detects attacks against this vulnerability with no additional configuration required.