Cybersecurity Articles Archives - Page 4 of 5

OWASP API Security Top 10 2019

Application Security, Cybersecurity Articles, Vulnerabilities & Exploits / Frank Crast / January 3, 2020 / API, API Security, Application, AppSec, authentication, Authorization, DOS, jTop 10, OWASP, SDLC, SQLi

The Open Web Application Security Project (OWASP) has released its OWASP API Security Top 10 2019. This is the first version of the API Top 10. OWASP will likely update the guidelines every three to fours years, similar to the other OWASP Top 10 series.

OWASP API Security Top 10 2019 Read More »

The top 20 vulnerabilities to patch now (that are most under attack)

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits, Zero-days / Frank Crast / December 26, 2019 / Apache, BlueKeep, CVE-2012-0158, CVE-2014-8361, CVE-2017-0143, CVE-2017-0199, CVE-2017-10271, CVE-2017-11882, CVE-2017-17215, CVE-2017-5638, CVE-2017-5715, CVE-2017-8570, CVE-2017-8759, CVE-2018-0802, CVE-2018-10561, CVE-2018-12130, CVE-2018-20250, CVE-2018-4878, CVE-2018-7600, CVE-2018-8174, CVE-2019-0708, CVE-2019-2725, IOT, Loki, MDS, Meltdown, Nanocore, Spectre, Struts, Verint, Vulnerabilities, WebLogic, WinRAR, Zyklon

Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization’s patch management efforts.

The top 20 vulnerabilities to patch now (that are most under attack) Read More »

GitHub launches ‘Security Lab’ to help secure open source software

Application Security, Cybersecurity Articles, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 18, 2019 / AppSec, GitHub, Open Source, SDLC, Security Lab

GitHub, one of the world’s leading software development platforms, has launched GitHub Security Lab with aim to secure open source software.

GitHub launches ‘Security Lab’ to help secure open source software Read More »

Top 3 AWS security configuration mistakes

Cloud Security, Cybersecurity Articles, Server Security, System Hardening / Frank Crast / September 21, 2019 / Amazon, AWS, botnet, Cloud, DevOps, GoldBrute, GoScanSSH, Palo Alto Networks, Port 22, Port 3389

Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.

Top 3 AWS security configuration mistakes Read More »

Organizations face major IoT risks and challenges

Cybersecurity Articles, Data Privacy, Internet of Things (IoT) / Frank Crast / August 12, 2019 / IOT, NIST, Privacy

The National Institute of Standards and Technology (NIST) has recently published security guidelines for IoT devices. NIST hopes the new publication can help organizations better understand and manage the cybersecurity and privacy risks associated with IoT devices throughout the devices’ lifecycles.

Organizations face major IoT risks and challenges Read More »

Office 365 third-party risks and configuration guidance

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / May 21, 2019 / CISA, Cloud, O365, Office 365, third party

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.

Office 365 third-party risks and configuration guidance Read More »

CIS Controls Version 7.1 released

Cybersecurity Articles, Security Monitoring, Small Business Security, Standards & Guidelines / Frank Crast / April 4, 2019 / 800-53, CIS, CIS v7.1, NIST, Security, Standards, Top 20 CIS Controls

The Center for Internet Security (CIS) has released its new version 7.1 of the top 20 Critical Security Controls. The updated version includes new Implementation Groups designed to identify relevant CIS controls that are reasonable for an organization with a similar risk profile and available cybersecurity resources.

CIS Controls Version 7.1 released Read More »

NIST SP 800-177 Revision 1: “Trustworthy Email”

Cryptography, Cybersecurity Articles, Messaging Security, Standards & Guidelines / Frank Crast / February 26, 2019 / 800-177, authentication, DKIM, DMARC, email, encryption, Messaging, NIST, SPF, TLS

The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.

NIST SP 800-177 Revision 1: “Trustworthy Email” Read More »

Many organizations lacking adoption of key CIS controls

Asset Management, Configuration Management, Cybersecurity Articles, Endpoint Security, Identity & Access Management, Vulnerabilities & Exploits / Frank Crast / August 11, 2018 / CIS, SANS

A recent survey conducted by Tripwire revealed organizations are not fully adopting security controls from key benchmarks, such as the Center for Internet Security (CIS).

Many organizations lacking adoption of key CIS controls Read More »

OWASP Top 10 2017 Web Application Security Risks: What’s Changed?

Application Security, Cybersecurity Articles, Standards & Guidelines / Frank Crast / December 9, 2017 / Application, OWASP, OWASP Top 10, Web app

The Open Web Application Security Project (OWASP) released the OWASP Top 10 – 2017. The new standard includes the ten most critical web application security risks. This is the first update since the 2013 version.

OWASP Top 10 2017 Web Application Security Risks: What’s Changed? Read More »