How to detect Apache HTTP Server Exploitation

How to detect Apache HTTP Server Exploitation

In the above two requests and responses, we see the attacker fingerprinting vulnerable servers by running the ‘echo’ command. We observed successful exploitation attempts which led to cryptominers raking up compute on the vulnerable hosts. CVE-2021-40438:This CVE tracks the vulnerability posed by the ‘mod_proxy’ module in Apache HTTP Server (versions before 2.4.49). In CWE-918 Server-Side Request Forgery (SSRF) attack, a malicious actor can forward the request to an origin server of their choice In this…

Read More

2022 Cybersecurity Trends for DevSecOps

2022 Cybersecurity Trends for DevSecOps

How many articles have you read that started with some variation of “the COVID-19 pandemic accelerated digital transformation?” This concept isn’t new, but you may be wondering how these sudden changes will impact security. We’ll explore Trend Micro Research’s predictions for 2022 and the impact on DevSecOps—the cultural approach that helps you build secure apps as quick as you can say “the COVID-19 pandemic accelerated digital transformation.” Cybercrime in the cloud Due to the sudden…

Read More

Oracle WebLogic Detection and Mitigation

Oracle WebLogic Detection and Mitigation

Detection and Remediation Now that we’ve covered the vulnerabilities, let’s get into how we can detect and mitigate these critical flaws using a SaaS platform. Trend Micro Cloud One™ includes seven security services that help developers build securely and quickly from the moment code is committed into their repository. It’s integrated with Trend Micro Vision One™, which uses its industry-leading XDR capabilities to collect and correlate data across multiple security layers. Both products leverage automation,…

Read More

Virtual Patching 101

Virtual Patching 101

Virtual Patching 101 Network Security Get the lowdown on virtual patching: a simplified, automated solution to shielding vulnerabilities from exploits. By: Trend Micro December 07, 2021 Read time:  ( words) Ever heard the phrase “one and done?” This applies to vulnerabilities as well. Just one vulnerability can be targeted by threats and wreak havoc on your apps and organization. And while some vendors may release a patch, oftentimes you can’t just wait around for the…

Read More

A Complete Guide to Cloud-Native Application Security

A Complete Guide to Cloud-Native Application Security

However, these tools have downsides that may cause more challenges for DevOps teams: SAST has difficulties scanning and reporting on cloud-native applications because static tools only see the application source code it can follow. As more cloud-native apps are now developed with libraries and third-party components, this generates failures in the tool processing these links. DAST interactively testing the applications from the outside requires the application to be fully built upon every code change. As…

Read More

Application Security 101

Application Security 101

Application Security 101 Serverless Security Everything DevOps teams need to know about web application security risks and best practices. By: Trend Micro November 17, 2021 Read time:  ( words) Web applications are becoming increasingly complex and the speed of delivery more demanding. This strain of speed and scale is making application vulnerable to attackers. According to Verizon, the majority of breaches were caused by web application attacks. This means application security is more crucial than…

Read More
1 4 5 6