
AppSec Observer: Hacked

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Get that ‘We’ve been hacked!’ press release ready NOW

The ransomware hits. The corporate sky is falling. All hell breaks loose. 

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized..

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The..

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to..

Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure

Zoom, the videoconferencing application that has grown from 10 million users in December to over 200 million today (an..

How Hackers Are Exploiting COVID-19 and What Organizations Can Do About It

Now that many people are working from home due to the coronavirus disease (COVID-19), businesses are facing..

Public WiFi is actually still pretty dangerous

I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no..

Using Contrast to prevent the Weblogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was..

CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding

Contrast Labs has discovered a remote code execution (RCE) vulnerability affecting apps with the ability to open nested..