11 matches found
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. Learn how you can protect thi...
CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
A new security flaw has been disclosed in the Google Cloud Platform's GCP Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a...
New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications
Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as ...
Microsoft ASP.NET Core Input Validation Error Vulnerability
Microsoft Visual Studio and Microsoft ASP.NET Core are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft ASP.NET...
Wallarm team is growing!
Wallarm’s unique approach provides actionable insight that identifies and protects against real attacks and vulnerabilities. I’m excited to be part of the team that automates this for modern services and cloud-based applications.
OX App Suite Improper Privilege Management Vulnerability
OX App Suite is a collection of cloud-based applications that support the management of email, contacts, calendars, media, documents and more. An improper privilege management vulnerability exists in OX App Suite that allows users in the same environment to delete tasks from other users...
Microsoft ASP.NET Core Spoofing Vulnerability
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A spoofing vulnerability exists in Microsoft ASP.NET Core, which stems from the program...
Cloud application security: preventing security vulnerabilities - vulnerability warning - the black bar safety net
Cloud-based applications are now widely used and are growing at an amazing speed. Because cloud-based applications can be accessed over the Internet by anyone, anywhere, application security becomes particularly important. This is why the creation and management of...