We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time that Apache announced another critical Apache Struts security flaw (). The latest Apache Struts vulnerability, CVE-2018-11776, was published in NVD on August 22,
The newly named Peekaboo vulnerability is a zero-day flaw in China-based Nuuo’s video recorder technology.The flaw in NVRMini2, a network-attached storage device, has remained unfixed in the three months since the vendor was alerted. This vulnerability put internet-connected CCTV cameras at risk, a grave concern for organizations using the service to view and manage
On Tuesday, security researcher Brian Krebs announced an issue with a service offered by Government Payment Service Inc. called GovPayNow. This service is used by U.S. state and local governments across 35 states, and it looks like it exposed 14 million customer records online. Whose records did they have, and what records were exposed? Government
Today, in an effort to better understand the evolving nature of software delivery and the role security plays, we released a new report, “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle,”which we commissioned with FreeForm Dynamics in coordination with The Register. The report aggregates input from 183 respondents worldwide, the majority
Software is at the backbone of the digital transformation We live in a world of massive digital transformation. The technical backbone of this transformation is software. Software can be found everywhere. It is in our homes, in our phones, and in our businesses. Over 80% of the code in today’s software applications is open source.