Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will continue and makes sense for the consumers of security software, as well. The reasons are ...

Cybersecurity Insights with Contrast CISO David Lindner | 5/17/24

Insight #1 Would you rather a. keep finding more vulnerabilities and building that security backlog until it leads your organization to a crisis like that at the National Vulnerability Database (NVD), or ...

Cybersecurity Insights with Contrast CISO David Lindner | 5/10/24

Insight #1 The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities (KEV) list is shown to increase speed of fixing vulnerabilities, but Verizon’s Data Breach Investigations Report (DBIR) also shows that ...

Identity, Credential Misconfigurations Open Worrying Security Gaps

A report found more than 40 million exposures are impacting 11.5 million critical business entities, with more than half related to cloud platforms ...

Cybersecurity Insights with Contrast CISO David Lindner | 5/3/24

Insight #1 Here we go again: Verizon’s new Data Breach Investigations Report (DBIR) is out, and once again, unauthorized uses of web application credentials and exploits of vulnerabilities in web applications are ...

Understanding and Mitigating the Fedora Rawhide Vulnerability (CVE-2024-3094)

CVE-2024-3094 is a reported supply chain compromise of the xz libraries. The resulting interference with sshd authentication could enable an attacker to gain unauthorized access to the system. Overview Malicious code was ...

Getting rid of a 20+ year old known vulnerability: It’s like a PSA for Runtime Security

On Wednesday, March 27, CISA and the FBI issued a cry for help: We need to stamp out SQL injection vulnerabilities, and we need to do it yesterday, they said in a ...

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...

Several OpenJDK Vulnerabilities Fixed

Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of sandbox ...

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute ...