863 matches found
Application Security in 2022: Where Are We Now?
It’s always a good thing to take a step back every once in a while to take the lay of the land. Like you, we are always working at a breakneck pace to help secure the web applications being built today and ready ourselves to secure the innovations of the future. When Forrester put out The State o...
API Security: Best Practices for a Changing Attack Surface
API usage is skyrocketing. According to the latest State of the API Report, API requests increased by 56% last year to a total of 855 million, and Google says the growth isn’t expected to slow any time soon. APIs – short for application programming interfaces – are a critical component of how...
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shado...
How Threat Exposure Management Can Minimize Attack Surface
...
Malicious Basket Could Be Used To Rug Fractionalized Token Holders
Lines of code. Vulnerability details. Proof-of-Concept: The NibblVaultFactory.createVault accepts any NFT address or any Basket address. Therefore, an attacker could pass a malicious basket address during vault creation. function createVault(address assetAddress, address curator, string memory name,...
Trend Micro CEO Discusses Need for a Unified Cybersecurity Platform
In the face of evolving cyberattacks, an ever-expanding digital attack surface, and a global skills shortage, organizations need a more unified approach to managing cyber risk. Trend Micro co-founder & CEO Eva Chen discusses our vision and strategy for delivering a unified cybersecurity platform...
CVE-2020-36549 GE Voluson S8 Windows Operating System Patches privileges management
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed...
Addressing Cyber Risk with a Unified Platform
Hear from guest speaker, Forrester analyst, Allie Mellen, as she shares insights and advice on the factors firms should consider when looking at leveraging a security platform for managing the attack surface lifecycle...
CVE-2022-2037
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037
CVE-2022-2037 affects ToolJet (tooljet/tooljet) before v1.16.0. The vulnerability is described as an Excessive Attack Surface. Severity varies by source (NVD CVSS2/3.1 reports base scores up to 8.0/9.8 in CNA data). A fix exists in v1.16.0 and later; upgrade to 1.16.0+ to mitigate. Technical deta...
Taming the Digital Asset Tsunami
Internet Protocol (IP) addresses and the devices, web services and cloud assets behind them are the lifeblood of modern businesses. But too often companies amass thousands of digital assets, creating an unmanageable mess for IT and security teams. Left unchecked, a single forgotten, abandoned or...
CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the must_approve_users check and invites by staff are always approved...
Why It’s Time to Map the Digital Attack Surface
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to a memory leak via the function uc_close at /my/unicorn/uc.c. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike...
Managing Cyber Risk: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 2H’2021 and how to better manage people to minimize cyber risk across the digital attack surface...
Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
UPDATE A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in a remote Word template feature. The warning comes from Japanese security vendor Nao Sec, which tweeted a warning about the zero day over the weekend. It’s unclear if the...