Vulnerability in Next.js, Anti-theft Protection from Google & More Security News

Welcome to our monthly digest of Cybersecurity Updates, where we navigate the ever-evolving landscape of digital security. This edition reveals insights spanning the Cloud, Mobile, and Web domains, highlighting crucial vulnerabilities and best practices. Stay informed and fortified against emerging threats as we delve deeper into cybersecurity.

#tools #education

Semgrep has launched a free academy

Semgrep has announced a new educational resource for the community – Semgrep Academy. It is an online learning platform that offers free, on-demand courses on various information security topics, including application security, secure coding, API security, static analysis, functional programming, and Semgrep products.

As a reminder, TechMagic has set up a training room for those who want to learn how to work with Semgrep OSS, a powerful SAST tool. You can join via the link: https://tryhackme.com/jr/gettingstartedwithsemgrep

Learn more: Semgrep OSS SAST: Exploring Basics of Semgrep Rules

#cloud

Secure your AWS WAF ACLs with AWS Firewall Manager

In this post, the authors describe operating models for web application security governance in Amazon Web Services (AWS). The post shows how, in a central or hybrid operating model, to create a policy that enforces a security baseline in your AWS WAF ACLs using AWS Firewall Manager while still allowing application administrators or developers to apply specific ACL rules for their particular use cases.

Read also about our experience in AWS penetration testing

#web

Server-side request forgery in Next.js Server Actions

Security researchers at Assetnote identified an SSRF vulnerability in Next.js Server Actions. If the Host header is modified and the other conditions described in their write-up are also met, an attacker may be able to make requests that appear to originate from the Next.js application server itself.

PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/

#web

A new vulnerability in the WordPress plugin

Censys has noted that on March 21, 2024, a vulnerability was identified in the WordPress plugin Automatic by ValvePress, designated as CVE-2024-27956. This security flaw, which allows for straightforward SQL injection attacks on the plugin's user authentication process, could potentially lead to the takeover of WordPress websites. Attackers have recently been reported to be actively exploiting this vulnerability.

#mobile

New anti-theft and data protection features from Google

Google will launch several new anti-theft and data protection features later this year. Some features will be exclusive to devices running Android 15 and newer, while others will be available to billions of devices with Android 10 or later.

Among these features is the Theft Detection Lock, a new AI-powered screen lock designed to protect personal and sensitive data. This feature automatically locks your device's screen when it detects sudden movements typical of theft attempts, such as a thief snatching the device from your hand.

#other

Learn how to protect your email against phishing and spoofing attacks

In this video, Heath Adams, also known as The Cyber Mentor, delves into the critical topic of email security. He emphasizes the importance of three key protocols: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). Heath demonstrates how to assess and fortify email defenses against phishing and spoofing attacks. The video guides viewers through setting up and verifying SPF and DMARC records and explains the significance of each protocol. It also touches on the challenges of managing email security and how to simplify the process by aggregating reports and providing tools for easy setup and policy management.

Wrapping Up

That concludes this edition of our Cyber Security Updates. Stay proactive and vigilant in safeguarding your digital assets. Remember, staying informed is the first line of defense against cyber threats. Until next month, continue to prioritize security in all your digital endeavors.
