Recently the industry has seen a trend where organizations are moving rapidly to integrate vulnerability detection tools as part of their CI / CD environments. That’s a step in the right direction only if the risks that emanate out of those integrations are carefully considered and mitigated. Unfortunately we don’t see much evidence of due […]

[Credits: Photo by rawpixel.com from Pexels] With the internet, things are moving at an alarmingly fast pace. This equates to increased attack surface and phenomenal increase in the number of vulnerabilities out there. Industries are trying to keep up. Evidently one industry which is struggling to keep the pace is Healthcare. In the healthcare industry, the […]

United States Senate Permanent Subcommittee on Investigations recently published a report titled “How Equifax neglected cybersecurity and suffered a devastating data breach“. It details out what aspects contributed to the data breach at Equifax and how Equifax’s competitors (TransUnion and Experian) were able to successfully mitigate the threat. The report is around 71 pages long and […]

Late last week, all of us were made aware of Chrome zero day ( CVE-2019-5786 ), “use after free in FileReader resulting in remote code execution“. This had a published exploit in the wild making it absolutely critical to patch without any delay. Users of ThreatWatch were not only notified of this intelligence but also […]

Early last week, all of us got alerted with reports of a major vulnerability in the “runc” binary. The vulnerability was due to the way the runc binary handled system file descriptors when running containers , which could allow malicious containers to overwrite contents of the binary and ultimately cause remote code execution. Not many […]

If you are in the health care industry, you might be aware of the voluntary cybersecurity guidance issued by Department of Health and Human Services (HHS) for health care industry. This guidance is aptly titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), as the key to “protecting patients and their data” […]

It is our pleasure to announce public release and availability of python package for ThreatWatch OpenAPI – pytw.   pytw is an open source initiative from ThreatWatch provides a comprehensive and solid python interface for integrating with ThreatWatch in an seamless manner. pytw provides capabilities to manage and work with “core objects/entities” in ThreatWatch (like […]

Starting this month, Java 8 users will have to make a choice. Pay a minimum of $40 for support and security updates or continue to use Java 8 with no security updates or fixes. Users will also not have access to a number of APIs like Java Web Start and Java Applets which will be […]

All businesses leverage digitalization to increase revenue, cut down costs and more. Increased digitization implies larger reliance on digital assets for business success. Most businesses need to be agile in today’s era and hence they are quick to adopt new software solutions (on-premise or cloud-based) in their digitalization journey.  As the digital footprint of a […]

The rationale behind network firewalls was simple: build a moat around the castle to keep out the bad guys and allow only the people you trust, in over the moat. Essentially, protect your internal network from the big bad internet by selectively allowing or disallowing traffic between the two. Perimeter security relies on a set […]