New Research: Apache Solr Parameter Injection

Apache Solr is an open source enterprise search platform, written in Java, from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, dynamic clustering, and document parsing. You treat it like a database: you run the server, create a collection, and send different types of ...
Live From Black Hat USA: Making Big Things Better the Dead Cow Way

When Reuters’ investigative reporter Joseph Menn confirmed that presidential candidate Beto O’Rourke was an early member of The Cult of the Dead Cow (cDc), it seemed as though folks had two viewpoints on it. They either had more respect for him because they understood what cDc was trying to accomplish, ...
Live From Black Hat USA: The Inevitable Marriage of DevOps & Security

During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in ...
Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi's Keynote

"Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?" Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi's 20th conference, the topic of his keynote has ...
Live From Black Hat USA: Communication's Key Role in Security

The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days - and likely the next two years - if Black Hat founder Jeff Moss’ opening remarks are indicative ...
Grasshoppers, Dead Cow, and Controlled Chaos: What We’re Looking Forward to at Black Hat USA

Usually, Black Hat USA is all the rage this time of year when it comes to Las Vegas; however, it seems the excitement about the show has been eclipsed by a grasshopper invasion. I admit, I was puzzled when my colleagues informed me of the news and proceeded to show ...
Capital One Benefits From Responsible Disclosure Program Following Massive Data Breach

Capital One’s data breach may be one for the record books, impacting as many as 106 million U.S. and Canadian credit applicants dating back to as early as 2005. While it’s natural to want to draw parallels to the 2017 Equifax breach, there are a couple of details in this ...
State of Louisiana Declares State of Emergency Following Malware Attacks

On Wednesday, Louisiana Governor John Bel Edwards declared a state of emergency following a series of cyberattacks impacting the computer and phone systems of several of the state’s school districts. The declaration, which will remain in place for the entire state until Aug. 21, is out of concern that the ...
British Airways Faces £183m Fine Following Data Breach

The Information Commissioner’s Office (ICO) has handed British Airways what it claims is the biggest penalty – and the first to be made public under new rules – since the General Data Protection Regulation (GDPR) came into play last year. According to the ICO, 500,000 customers had their personal information ...
Business-Focused Approach to Security Assurance Is More Evolution Than Revolution

According to a new research report from Information Security Forum (ISF), only 32 percent of its membership is satisfied with their security assurance program – though 80 percent say that they want to take a more business-focused approach to security. Given the ever-evolving threat landscape, security leaders understand that they ...