It is our pleasure to announce the public release and availability of the Python package for ThreatWatch OpenAPI – pytw. pytw is an open source initiative from ThreatWatch that provides a comprehensive and solid Python interface for integrating with ThreatWatch in a seamless manner. pytw provides capabilities to manage and work with “core objects/entities” in ThreatWatch (like […]

Starting this month, Java 8 users will have to make a choice. Pay a minimum of $40 for support and security updates or continue to use Java 8 with no security updates or fixes. Users will also not have access to a number of APIs like Java Web Start and Java Applets which will be […]

All businesses leverage digitalization to increase revenue, cut down costs and more. Increased digitization implies larger reliance on digital assets for business success. Most businesses need to be agile in today’s era and hence they are quick to adopt new software solutions (on-premise or cloud-based) in their digitalization journey. As the digital footprint of a […]

The rationale behind network firewalls was simple: build a moat around the castle to keep out the bad guys and allow only the people you trust in over the moat. Essentially, protect your internal network from the big bad internet by selectively allowing or disallowing traffic between the two. Perimeter security relies on a set […]

Overview: A recent study reported that it took organizations an average of 197 days to spot a breach and 69 days to remediate it [1]. That is a mind-boggling 6 months to detect a potentially disastrous event that could have grave consequences for the future of the organization. Manual steps to track vulnerabilities added 12 […]

Enough time has passed and far too many data breaches have been uncovered to warrant a fresh look at how organizations look at proactive security efforts. Account and access management has evolved and organizations are much more vigilant to ensure multi-factor authentication is set up for customer and employee access to services and data. Data suggests […]

Everyone in the technology industry processing credit card data is familiar with PCI DSS and the associated process to get attested on a quarterly basis by a QSA (Qualified Security Assessor). In addition to the quarterly attestation, organizations also have to go through both internal and external audits to maintain PCI […]

Upgrade to Apache Struts version 2.3.35 or 2.5.17 ASAP! If you use Apache Struts (remember Equifax?), please upgrade to the versions mentioned above. As always, NVD is lagging behind on details, so don't depend on your scanning solutions to detect this in your environment just yet (CVE-2018-11776).

The National Vulnerability Database (NVD) is considered to be the single source of truth for all software/hardware vulnerabilities that are in the public domain. However, a few things get overlooked, which makes it far less desirable to rely upon when it comes to designing your vulnerability management program. Let's look at them. […]

With organizations moving towards higher levels of digitalization, the role of software has increased multifold. This has led to increased numbers of data breaches, and the average size [1] of a data breach increased 1.8 in 2017. A breach is defined as an event in […]