Blog
Building trust with customers often starts by demonstrating the right security controls. In the digital age, data security is paramount, and adherence to standards like ISO/IEC 27001, PCI DSS, and SOC 2 has become a key differentiator in the competitive market landscape. What is ISMS, and why does my organization need...
Blog
During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help...
Blog
The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised...
Blog
You have kicked off your annual application security assessment, but by the time the final report comes in, so have a bunch of new features from your developers. Since your pen test report can’t keep up with your modern development cycles, it is now (and always) obsolete. You can check off your compliance...
Blog
Philadelphia, PA, November 9, 2023 - Leading cyber risk management and threat intelligence provider Outpost24 today announced the release of Threat Explorer, an advanced vulnerability intelligence and custom alerting tool for continuous threat monitoring. The new module, available as a part of the Threat Compass threat intelligence solution, provides a timely...
Blog
Broken access control, the vulnerability category consistently ranking on the OWASP Top 10 Web Application Security Risks list, poses the most significant challenge for application security right now. Over-reliance on automated solutions to tackle these challenges creates a false sense of security and could have severe implications for application owners....
Case Study
About the customer: Landsbankinn is one of Iceland’s leading financial institutions, operating in a highly regulated environment where operational resilience, information security, and customer trust are fundamental business priorities. As a financial institution subject to international security standards and evolving European regulatory frameworks, the bank requires continuous visibility into its...
Case Study
About the customer: The RS Group provides industrial and electronic products and services for designers, builders and maintainers of industrial equipment and operations. With 80+ years of experience supplying products from over 2,500 partners, and 1.1 million customers globally. The Group are proud to partner with suppliers and customers, offering...
Blog
Earlier this month, the District of Columbia Board of Elections (DCBOE) warned that a threat actor may have gained access to the personal information of their registered voters. This would include personally identifiable information (PII) such as contact details, partial social security numbers, dates of birth, and driver’s license numbers....
Blog
Update from October 23: Cisco has released an updated version for the Cisco IOS XE 17.9 release train. The other supported releases are yet to be updated. We recommend that you update to version 17.9.4a (if possible), or follow the steps from the workaround provided below. Cisco has issued a...