Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The holidays are coming up quickly and while many of us are looking forward to getting some human downtime (not technical), some may be feeling the pressure and some stress to make sure everything that needs to be done by the end of the year is in fact done by then, especially with the ongoing log4j aka log4shell security fires happening.

The vulnerability, dubbed CVE-2021-43798 impacted the Grafana dashboard, which is used by companies around the world to monitor and aggregate logs and other parameters from across their local or remote networks. The privately reported bug became a leaked zero-day but was first spotted by Detectify Crowdsource hacker Jordy Versmissen on December 2, after which Grafana was notified by Detectify about the bug.

Thanks to Detectify Crowdsource hackers, Detectify quickly developed a security test to detect Critical vulnerability CVE-2021-44228 Apache log4j RCE. This vulnerability has set the internet alight over the past few days. Right now, exploit developers and security researchers are still understanding the potential capabilities provided by the vulnerability. Detectify received a working POC for this critical 0-day vulnerability from the Crowdsource community on Friday.

Detectify co-founder and expert bug bounty hunter Fredrik Nordberg Almroth (@almroot) recently spoke at Hack Your Stockholm, our first in-person event after a 2-year hiatus, addressing the issue of the growing attack surface of companies and how it is the most pressing issue facing CISOs today. He recaps his thoughts in this post.

Global organizations are working towards making data privacy a fundamental right. However, as the privacy paradigm shifts to a digital world, businesses are more exposed than ever before. That’s because security has not been the focus of this revolution in IT infrastructure.

STOCKHOLM, SWEDEN – Detectify, the SaaS security company powered by ethical hackers, announces new product names for the core products developed for security teams defending medium to large enterprise companies. On November 11th, the product names will be switched from Asset Monitoring to Surface Monitoring, and where you previously saw Deep Scan you will now see Application Scanning.

It takes a crowd to secure the attack surface. Detectify collaborates with the Crowdsource ethical hacker community to power a fully automated external attack surface management solution. This is a guest blog post from Crowdsource hacker Luke “hakluke” Stephens on why he believes crowdsourced security is now a necessity.

SSL/TLS certificates make the internet a safer place, but many companies are unaware that their certificates can become a looking glass into the organisation – potentially leaking confidential information and creating new entry points for attackers.

When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while expired and forgotten subdomains can easily become an entrypoint for an attacker to steal sensitive data, a robust attack surface management programme in place can keep them at bay.