WAF-as-a-Service
Web applications form a massive part of the common network ground that is shared by a business and its customers
Container Runtime Protection
Runtime Security in Kubernetes deployment might be policed based on a pod-by-pod. A pod is a group of containers that
Introduction to Virtual Patching
“Virtual Patching” is a term that was initially used by Intrusion Prevention System vendors many years ago. It is also
How to create a Kubernetes Service
With the running application, we want to access one service. Let’s create a ClusterIP type of service. We can: Create
Kube-Proxy and Headless Services
Kube-Proxy Kube-proxy implements a form of virtual IP for services for all types except ExternalName. Three modes are: (a) Proxy-mode:
Kubernetes Service Types
Key Terms Nodes: Virtual host(s) on which containers/pods are running. Kubernetes Service: A logical set of pods that perform identical
Introduction to Kubernetes Services
Key Terms: Pods: One or more containers that shares the storage and network with a Kubernetes configuration, mentioning the behavior
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71
Overview : Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database.
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks
Overview : OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image
Umbraco CMS 8.5.3 allows an authenticated file upload
Overview : Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation
Overview : Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.An information disclosure vulnerability
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
WAF for Healthcare
Modern Medical environment has evolved to a new dimension with advancement in technology. New technology services are coming in, new
What is the Real Cost of a Data Breach – Reflecting LabCorp Data Theft
Another Data breach incident between LabCorp, a medical testing company and American Medical Collection Agency (AMCA), shows the importance of