​​Ambient and autonomous security for the agentic era​​

Over the past year, I've had countless conversations with customers who are striving to unlock human ambition with AI. They are on their journey to become Frontier Firms, where humans and agents push the boundaries of innovation and create new possibilities, empowering humans to become limitless...

The importance of hardening customer support tools against cyberattacks

The Deputy CISO blog series is whereMicrosoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...

How to disable StoreFront's http communication

How to disable StoreFront's http communication...

PT-2023-1957 · Unknown +2 · Libmemcached-Awesome +2

Name of the Vulnerable Software and Affected Versions: libmemcached-awesome versions prior to 1.1.4 Description: The issue is related to insufficient protection of service data when handling the POLL TIMEOUT parameter, which could allow a remote attacker to gain unauthorized access to protected...

PT-2023-2220 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by...

Are you still using public Wi-Fi without a VPN?

Security Are you still using public Wi-Fi without a VPN? Share October 14th, 2022 Hi readers, October is Cybersecurity Awareness Month and the focus is on you, the user. All the privacy and security features in the world are worth nothing if we ourselves don’t apply some best practices to our...

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial

Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

JSON Web Token Weak Secret

JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. When using a symmetric algorithm, the signature is...