Application Security Archives

Threat actors launch zero-day attack against Python Package Index (PyPI) packages

Application Security, Source Code Security, Vulnerabilities & Exploits, Zero-days / By Frank Crast / February 24, 2023 / FortiGuard, Open Source, PyPI, Python

Researchers have discovered threat actors launching zero-day attack against packages in the Python Package Index (PyPI) repository.

NoName057(16) hacker group launched DDoS attacks against 2023 Czech presidential election linked websites

Application Security, Cybersecurity Attacks / By Frank Crast / January 21, 2023 / Cyberattack, Czech, DDoS, DDosia, Elections, NoName057(16)

A Russian affiliated hacker group dubbed NoName057(16) has launched DDoS attacks against 2023 Czech presidential election.

Okta’s GitHub source code repositories hacked

Application Security, Cybersecurity Attacks, Source Code Security / By Frank Crast / December 21, 2022 / Auth0, authentication, Authorization, Breach, Okta

Okta, a leading solution provider of identity and access management solutions, has confirmed their private GitHub repositories were hacked this month.

Intel reports leak of Alder Lake BIOS source code

Application Security, Data Breach, Source Code Security / By Frank Crast / October 10, 2022 / Alder Lake, BIOS, Intel, Intel Core, Source Code, Vulnerabilities

Chipmaker Intel has confirmed a leak of its Alder Lake BIOS source code, as revealed on 4chan and GitHub. However, the hacker’s origin (or root cause) remains unknown.

Cybercriminals use proxies and configurations to launch credential stuffing attacks

Application Security, Cybersecurity Attacks, Password Management / By Frank Crast / August 22, 2022 / CDN, Cyberattack, Cybersecurity Threat Center, FBI, MFA, OWASP, passwords, SSL

The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.

Django fixes High severity SQL injection vulnerability (CVE-2022-34265)

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 4, 2022 / CVE-2022-34265, Django, SQL injection

Django has released a security fix for a High severity SQL injection vulnerability (CVE-2022-34265) in Django 4.0.6 and 3.2.14.

GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162)

Application Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 2, 2022 / CVE-2022-1162, GitLab, LDAP, Oauth, OmniAuth, passwords

GitLab has issued a security update to address a Critical vulnerability CVE-2022-1162 where static passwords were inadvertently set during OmniAuth-based registration.

cyber security, internet, hacking-3400555.jpg

DevSecOps best practices to secure cloud-native and microservices-based applications

Application Security, Cloud Security, Configuration Management, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / March 12, 2022 / CI/CD, Cloud, Cybersecurity Threat Center, DevOps, DevSecOps, NIST, Service Mesh, SP 800-204C

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.

NIST SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh

Application Security, Cloud Security, Configuration Management, Standards & Guidelines / By Frank Crast / March 8, 2022 / DevSecOps, NIST, SP 800-204C

he National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.”

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

Application Security, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / December 29, 2021 / 0-day, App Service, Azure, GitHub, IIS, Local Git, Microsoft, Node, PHP, Python, Ruby, Windows

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.