
web application security

industry
Web-based PLC malware: A new potential threat to critical infrastructure

A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced …

Apache Struts
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …

3CX
3CX compromise: More details about the breach, new PWA app released

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting …

free cybersecurity resources
7 free cybersecurity resources you need to bookmark

CodeSec is a CLI-based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless …

code
Teams that shift security left and focus on attackability ship more secure code

ShiftLeft released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with …

fire
WAFs can’t give organizations the security they need

Cymulate reveals that web application firewalls are the least effective security solutions, making them prime targets for adversaries and high-risk points for organizations. …

mobile apps
Web app attacks are skyrocketing, it’s time to protect APIs

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, Imperva research reveals. In a study of …

Log4j
The Log4j JNDI attack and how to prevent it

The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and then additional PoC exploits has been an unwelcome surprise for the …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Log4j
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

DDoS
Blocked DDoS events up 75% in the first nine months of 2021

Radware has published results from its report which provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning …

reload
Organizations making security trade-offs in the push to innovate

The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A …
