5842 matches found
A Complete Guide to Cloud-Native Application Security
Explore this comprehensive guide to application security, which provides an overview of the importance of embedding runtime application security controls in the application build workflow to protect cloud-native web applications and APIs...
ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application
Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software...
NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH
Handle GreyArt Vulnerability details Impact A user that mistakenly calls either create or addToken with WETH or another ERC20 as the input token, but includes native ETH with the function call will have his native ETH permanently locked in the contract. Recommended Mitigation Steps It is best to...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
Authentication flaw
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed...
DOS attack possible for Token->ETH trades
Handle pmerkleplant Vulnerability details Impact Any user's trade from some token to a native token e.g. ETH can be DOSed if an attacker sends native tokens to the Executioner contract. If the attacker watches for trades, he/she could either make the whole trade fail or, depending on the...
Slingshot: Incorrect initial balance fetched for native token in executeTrades()
Handle hickuphh3 Vulnerability details Impact The executioner contract only supports ERC20ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...
NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Multiple Vulnerabilities (NS-SA-2021-0153)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by multiple vulnerabilities: - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on...
Evernote: 2 click Remote Code execution in Evernote Android
This vulnerability is similar to my previous reported vulnerability 1362313, in here also weakness is path traversal vulnerability which helps me to achieve code execution but the root cause is different. Some part of this app is written in Java and some parts are written in React Native. In...
CVE-2021-30358
Mobile Access Portal Native Applications whose path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...
CVE-2021-30358
CVE-2021-30358 affects Check Point Mobile Access Portal Native Applications when the administrator configures a path with environment variables; the Mobile Access Portal Agent may run an arbitrary application from a crafted location. The issue arises due to how the agent handles environment-varia...
Networkit - A Growing Open-Source Toolkit For Large-Scale Network Analysis
NetworKit is an open-source tool suite for high-performance network analysis. Its aim is to provide tools for the analysis of large networks in the size range from thousands to billions of edges. For this purpose, it implements efficient graph algorithms, many of them parallel to utilize multicor...
Azure network security helps reduce cost and risk according to Forrester TEI study
As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...
IBM App Connect Enterprise Certified Container Information Disclosure Vulnerability
IBM App Connect Enterprise is an operating system from IBM Corporation. IBM App Connect Enterprise combines the existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technology to provide a platform that meets the full integration needs of...
Fedora: Security Advisory for rust-cranelift-native (FEDORA-2021-1805eacb48)
The remote host is missing an update for the...
IBM App Connect Enterprise Certified Container Security Vulnerability
IBM App Connect Enterprise is an operating system from IBM Corporation. IBM App Connect Enterprise combines the existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technology to provide a platform that meets the full integration needs of...
[SECURITY] Fedora 34 Update: rust-cranelift-native-0.77.0-1.fc34
Support for targeting the host with Cranelift...
Fedora: Security Advisory for rust-cranelift-native (FEDORA-2021-68713440cb)
The remote host is missing an update for the...
A security architect’s POV on a mature data-centric security program, Part 2
In part one of this series, we explored the challenges associated with accessing and searching long-term retained database activity logs, and identifying sensitive customer data to comply with stricter compliance regulations. In this post, you’ll see through a security architect’s eyes the...