IBM Verify Gateway (IVG) Account Lockout Improperly Set Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. An improperly set account lockout vulnerability exists in IBM Verify Gateway IVG. A remote attacker could exploit the vulnerability to brute-force break account credentials...

IBM Verify Gateway (IVG) Denial of Service Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A denial of service vulnerability exists in IBM Verify Gateway IVG. An attacker could exploit this vulnerability to cause a denial of service with a malformed request...

Building Security into Cloud Native Apps with NGINX

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give the...

ConnectWise Automate SQL Injection Vulnerability

ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A SQL injection vulnerability exists in Connectwise Automate versions prior to 2020.7 and prior to 2019.12...

Time for a Haircut

Like many people around the world, my hair has grown profusely in the past few months and bears little resemblance to the photo in my profile. Without the required care and attention, my hair is getting dangerously close to the bad hairstyles I adopted in the 1980s. I could of course attempt to f...

Feeling fatigued? Cloud-based SIEM relieves security team burnout

Most CISOs and CSOs are worried that a growing volume of alerts is causing burnout among their teams, according to new research from IDG. You can learn about additional challenges to security operations teams by reading the IDG report SIEM Shift: How the Cloud is Transforming Security Operations...

Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint

The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...

Moving to cloud-based SIEM: the cost advantage

Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management SIEM solutions, cost overwhelmingly shapes the discussion as well. For example, accordi...

Secure Your Global Remote Workforce

Update June 9, 2020: Qualys adds Malware Detection to Free 60-Day Remote Endpoint Protection offering. This post has been updated to reflect this new Malware Detection capability. IT organizations around the world are responding to the challenge posed by COVID-19 by ensuring that employees are ab...

Any Indian DigiLocker Account Could've Been Accessed Without Password

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords OTP and sign in as other users. Discovered separately by two independent bug bounty researchers,...

Hybrid DDoS Protection is Like a Faulty Airbag

We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks or having never been attacked at all, you might be wondering, “does the threat still exist?” And “does it exist to the level ...

Microsoft ASP.NET Core Input Validation Error Vulnerability

Microsoft Visual Studio and Microsoft ASP.NET Core are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft ASP.NET...

Enterprise Application Access Increases Security for Your Enterprise Applications -- and the Data Behind Them

Companies all over the world are moving rapidly to enable their entire workforce to work remotely due to the current environment. Akamai's Enterprise Application Access solution is designed to provide fast and secure remote access to enterprise applications and can be deployed and scaled up quick...

Residential Internet Connections are now Business Connections: What about Security and Compliance?

Near-global mandates to stay at home have completely reshaped the internet security landscape. Remote work is the new normal, inverting the traditional office model. Attackers are not relenting as they see opportunity to take advantage of a world with a singular focus. Here are a couple of recent...

Atlassian OAuth Plugin 1.3.0 < 1.9.12 / 2.0.0 < 2.0.4 Server-Side Request Forgery

Atlassian OAuth Plugin from version 1.3.0 to 1.9.11 and from version 2.0.0 to 2.0.3 allows remote attackers to make the target application act as a proxy and perform requests to internal or external resources through the IconUriServlet. Attackers may leverage this vulnerability to conduct...

Unspecified Vulnerability in SAP Commerce

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management and operations management. SAP Commerce has a security vulnerability that can be exploited by attackers to compromise confidentiality...

Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting Vulnerability

Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability. Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting =============================================================================== Identifiers...

The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring

The CyberEdge Group’s recently released 2020 Cyberthreat Defense Report CDR details findings based on a survey of 1200 security IT professionals from around the globe. Although multiple key takeaways emerged from analyzing their perceptions and insights, it’s worth digging a little further into o...

Clearing the clouds: Comparing CMMC to other frameworks

These days, I spend a lot of time talking to our cloud-based clients about Cybersecurity Maturity Model Certification CMMC: what it is, why its important, and how they can prepare. As one of the leading cybersecurity consulting firms and third-party assessment organizations 3PAO, Coalfires client...

Business Continuity and Security in an Uncertain Global Environment

The need for companies to quickly enable remote access to business-critical applications was highlighted in a recent Akamai blog -- Enabling Business Continuity in an Uncertain Global Environment. However, despite the current environment, what is already evident is that once businesses have...