EUVD-2014-9267

Malware in sbrugna...

ROS-2-1581

2.1581 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

Stopping Active Attacks with Penalty Box

Unfortunately, today's sophisticated web application threats have gained some advantages over typical WAFs: Favorable odds -- WAFs must correctly identify attacks 100% of the time, whereas attackers have the luxury of only needing to find a single bypass or evasion Temporary fixes -- Many WAFs us...

The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View

Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cover their tracks and increase their attack...

Securing Modern Web Applications: Threats and Types of Attacks

Web Application Firewalls are the most advanced firewall capabilities available to IT teams. Deploying the appropriate WAF is important, especially these days when the security threat landscape is changing so rapidly. In a previous post, we introduced Web Application Firewalls: Securing Modern We...

Experts Agree: No Easy Fix For Mobile Security

SAN FRANCISCO — Mobile phones, tablet PCs and other new technologies are poised to take over the workplace, but organizations that hope to secure them before they do so face an uphill battle, according to a symposium on mobile security. Experts at the half day mobile security event on Monday warn...