Threat
Emerging Public Cloud Security Challenges in 2020 and Beyond
According to last year’s Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago ...
Top 10 risks to include in an information security risk assessment
An ISO 27001 risk assessment should have five key steps. In this blog, we look at the second step in the process: identifying the risks that organisations face. How to identify threats You ...
85% of Developers in the Technology Industry Deploy Daily, Yet 8 in 10 Aren’t Going Fast Enough
Organizations aspire to reach perfection and often look to emulate best practices of peer organizations to do so. When it comes to software development, global technology leaders like Google, Amazon, Uber, Apple, ...
Authenticated Remote Code Execution in OpenMRS
Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided ...
XML External Entity (XXE) Pitfalls With JAXB
The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that ...
Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released
A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) ...
Beating the Emotet Malware with SSL Interception
Guest post by Adrian Taylor, Regional VP of Sales for A10 Networks. The Emotet trojan recently turned from a major cybersecurity threat to a laughingstock when its payloads were replaced by harmless animated ...
Countering Cybercrime in the Next Normal
Guest post by Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black. COVID-19 has reshaped the global cyberthreat landscape. While cyberattacks have been on the rise, the surge in frequency and increased threat ...
Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks
Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog ...
Book Review: Crime Dot Com, From Viruses to Vote Rigging, How Hacking Went Global
I had the great delight of reading Geoff White’s new book, “Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global”. I thoroughly recommend it. The book is superbly researched ...

