ModSecurity is an open-source web application firewall (WAF) engine maintained by Trustwave. This blog post discusses multiple input interpretation weaknesses in the ModSecurity project. Each input interpretation weakness could allow a malicious actor to evade some ModSecurity rules. Both ModSecurity v2 and ModSecurity v3 were affected. The issues have been addressed in v2.9.6 and v3.0.8, respectively.
The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. Most organizations now host a combination of interconnected IT, OT and IoT devices in their networks that has increased their attack surface.
The number of cybersecurity events faced by companies and businesses across the globe has grown exponentially since the pandemic began. Without adequate network security monitoring practices and around-the-clock monitoring in place, the chances of a cyber incident happening are highly likely. However, not all companies can afford to have a team of highly trained network admins watching over their network 24×7.
When your web browser accesses a website, it needs to first translate the friendly URL (such as Netwrix.com) to the public server IP address of the server that hosts that website. This is known as a DNS lookup. Traditional DNS is unencrypted, unlike modern HTTPS web traffic that’s almost entirely secured via HTTPS these days.
“Knowing what’s on your network is the first step for any organization to reduce risk.” -CISA Director, Jen Easterly. On October 3, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks.
Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less business-critical resources on public clouds. But despite its many benefits, the hybrid environment also creates security concerns. AlgoSec’s co-founder and CTO, Prof. Avishai Wool shares his expert insights on these concerns and offers best practices to boost hybrid cloud security.
