With technological advancements come new security risks that threaten the confidentiality, integrity, and availability of sensitive information. In this blog post, we will explore why managing your external attack surface is essential to securing your organization.
By default, every image pushed to Docker Hub through a free account appears in the public registry. This business strategy, which Docker Inc. uses to steer more people toward its paid subscriptions, puts free users at risk. Once an attacker finds exposed Docker images related to your organisation, they contain plenty of information that the attacker can use to damage the organisation’s security posture.
In the last few years, data breaches have been on the rise. Apart from the web servers, mobile applications and other assets that are generally targeted, a popular mobile…
Open ports help applications serve their purpose correctly. However, certain services running on ports exposed to the internet may pose security risks.
In this blog, we will cover the risks of an exposed service or port and how it can impact the overall attack surface of your organization.
A technical analysis of the two newly released high-severity vulnerabilities in OpenSSL, dubbed CVE-2022-3786 and CVE-3602.
Wave 9 of Project Resonance was conducted to determine the security posture of the exposed Kubernetes clusters around the internet. Over 500,000 unsecured Kubernetes instances were discovered during the course of the research.
Our research shows that secret leakage is still an issue that developers must address with secure development practices. We recommend that developers ensure that any cloud computing solutions they integrate into their apps are correctly configured to avoid the leakage of sensitive information and prevent threats to both the organization and end-users. We recommend that end-users pay attention to what permissions their favourite apps require for everyday usage and check whether those permissions are even needed, to combat predatory practices.
Web applications are the cornerstone of anything on the publicly accessible internet. Due to the complexities of the software development life cycle, developers tend to embed secrets within the source code of the applications. As the codebase grows, developers often fail to redact the sensitive data before deploying it to production.