Skip to content

AppSec Observer: Threat

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now
    Topics
    DHS Warns of Imminent Nation State Cyberthreats

    DHS Warns of Imminent Nation State Cyberthreats

    Situation Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major..

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105 on..

    Contrast Security Protects Serverless applications from Log4j Attacks

    Contrast Security Protects Serverless applications from Log4j Attacks

    The Log4j flaw (also now known as "Log4Shell"), is a zero-day vulnerability (CVE-2021-44228) that came to light on..

    Log4Shell By The Numbers

    Log4Shell By The Numbers

    We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

    Updated Guidance on Addressing Log4J CVEs

    Updated Guidance on Addressing Log4J CVEs

    The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

    Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

    Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

    Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

    President Biden’s Executive Order: Secure the Software Supply Chain

    President Biden’s Executive Order: Secure the Software Supply Chain

    In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

    A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

    A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

    Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic..

    DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

    DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

    The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized..

    1 2 3 Next