Skip to content

AppSec Observer: Hacked

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now
    Topics
    Get that ‘We’ve been hacked!’ press release ready NOW

    Get that ‘We’ve been hacked!’ press release ready NOW

    The ransomware hits. The corporate sky is falling. All hell breaks loose.

    DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

    DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

    The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized..

    Remote Code Execution Deserialization Vulnerability Blocked by Contrast

    Remote Code Execution Deserialization Vulnerability Blocked by Contrast

    On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability..

    Open-Source Python Salt CVEs and the Cisco Server Breach

    Open-Source Python Salt CVEs and the Cisco Server Breach

    Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to..

    Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure

    Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure

    Zoom, the videoconferencing application that has grown from 10 million users in December to over 200 million today (an..

    How Hackers Are Exploiting COVID-19 and What Organizations Can Do About It

    How Hackers Are Exploiting COVID-19 and What Organizations Can Do About It

    Now that many people are working from home due to the coronavirus disease (COVID-19), businesses are facing..

    Public WiFi is actually still pretty dangerous

    I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no..

    ProtectSettings

    Using Contrast to prevent the Weblogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

    On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was..

    CVE-2018-15685 - Electron WebPreferences Remote Code Execution Finding

    Contrast Labs has discovered a remote code execution (RCE) vulnerability affecting apps with the ability to open nested..

    1 2 3 4 Next