APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

Matt Austin, Director of Security Research

Matt is an accomplished application security expert with over 11 years of experience focused on security research, development, and engineering.

Connect With Us :  

CONTRAST LABS REVEALS DEPENDENCY CONFUSION VULNERABILITY IN MICROSOFT TEAMS

When the COVID-19 pandemic forced a large percentage of the world’s office workers to begin working remotely a year ago, organizations were forced to scramble to greatly accelerate their digital transformation. Deployments that may have been..

Continue Reading >>

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized as among the worst hacks of the past 10 years, targeting SolarWinds’ software factory and compromising the code in software..

Continue Reading >>

CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding

Contrast Labs has discovered a remote code execution (RCE) vulnerability affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). This vulnerability has been assigned the CVE..

Continue Reading >>

Google Docs May Still be Vulnerable to Phishing Attacks

On Tuesday, users of Google Docs were targeted with an email phishing attack. The email content was a ruse to trick folks into granting access to their contact data. Google quickly put measures into place to stop the attack. Please visit this..

Continue Reading >>

DOM XSS in wix.com

 

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm. Learn more about this vulnerability below.

Target

From the..

Continue Reading >>

SUBSCRIBE TO THE BLOG