Most Magento shops get compromised via vulnerable extensions
Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The …
web application security
IIS attacks surge from 2,000 to 1.7 million over last quarter
IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive …
DevOps and digital transformation initiatives are creating insecure apps
WhiteHat Security released its 2018 Application Security Statistics Report, “The Evolution of the Secure Software Lifecycle,” which identifies the security vulnerabilities and …
The ultimate fallout from the Facebook data breach could be massive
Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal …
Python-based attack tools are the most common vector for launching exploit attempts
Hackers have an obvious predilection for Python-based attack tools, says Imperva. “When examining the use of Python in attacks against sites we protect, the result was …
Qualys Community Edition: Discover IT assets, manage vulnerabilities, scan web apps
In this podcast recorded at Black Hat USA 2018, Anthony Mogannam, Product Manager, SME/SMB Solutions at Qualys, talks about issues related to open source software and Qualys …
Access misconfiguration opens 3D printers to remote attacks
Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and …
Data from 316 million real-world attacks in AWS and Azure environments
In evaluating 316 million incidents, tCell found it clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major …
Same web-based vulnerabilities still prevalent after nine years
Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall …
Automating web app testing to secure your environment
In this podcast recorded at RSA Conference 2018, Dave Ferguson, Director, Product Management for Web Application Security at Qualys, talks about the challenges and benefits of …
