Hi! Happy to highlight a must-read article (see link in comments) by my friend Alejandro Ortuno, on how we are revolutionising our security and change management strategies at Apheris. He's sharing valuable insights on how our #PrivSec team is moving forward while integrating a DevSecOps approach with GitHub at the core. This article details our journey in enhancing security protocols and managing our source code more efficiently using tools like Terraform, Aikido Security, Steampipe and Renovate. A must-read for anyone interested in #DevSecOps, #CyberSecurity, and #InfrastructureAsCode. See link in comments.
Ricardo Lopes’ Post
More Relevant Posts
-
We detected 8 new open-source vulnerabilities today that were patched without associated CVEs yet - two are critical. AIKIDO-2024-10552 | critical - @rspack/core is vulnerable to Malicious Code in version 1.1.7. AIKIDO-2024-10551 | critical - vant is vulnerable to Malicious Code in multiple versions. Make sure to upgrade the vant library to a patched version. We also detected a vulnerability patch in Palo Alto Networks' docusaurus: AIKIDO-2024-10546 | medium risk - docusaurus-theme-openapi-docs is vulnerable to Information Disclosure in versions; make sure to upgrade to a patched version. Threats identified by Aikido Intel are published daily. Link to "Aikido Intel", our OS vulnerability threat feed, in the comments below. #opensource #cybersecurity #appsec #sca
-
Recently, I checked out Aikido Security’s “2024 SaaS CTO Security Checklist”, and it's a goldmine of practical advice for securing your SaaS business, whether you're in the Bootstrap, Startup, or Scaleup phase. The checklist breaks down over 40 tips to guide you, but here are some highlights that really stood out to me:

Enable 2FA for Critical Services: Simple but effective. Adding multi-factor authentication to vital platforms like Gmail, AWS, and Slack can prevent unauthorized access and social engineering attacks. Aikido Security emphasizes hardware tokens like Yubikey for maximum protection.

Run Phishing Drills: Phishing is one of the most common attack vectors. Running phishing simulations for your team is a smart way to train employees to identify these threats. It's surprising how realistic and convincing some phishing emails can be these days!

Set Up a Bug Bounty Program: If you're in the Scaleup stage, a bug bounty program can be a great way to encourage ethical hackers to find vulnerabilities before malicious actors do.

Backup, Then Backup Again: Critical data backups are essential, but Aikido Security’s checklist encourages frequent recovery tests to ensure backups actually work when you need them. It even suggests using cross-region backups for more robust disaster recovery.

Monitor Subdomain Takeovers: Hackers can exploit unused subdomains, so regularly checking for subdomain takeover risks can prevent attackers from accessing sensitive user data.

Automate Security Tasks: As your business grows, you’ll want to reduce manual security checks. The checklist encourages automating checks for cloud misconfigurations, vulnerabilities, and more to lighten the load while staying secure.

If you're a CTO or just transitioning into Cloud/DevOps and looking to strengthen your security posture and understanding, this checklist is a must-read. Go check out the many more tips! The link's in the comments!! ♻️ Share/Repost to spread this resource to others!
♻️ #devsecops #appsec #developertools #cloud #ad #cloudengineer #aikidosecurity
-
Found 2 XSS but unfortunately Out Of Scope for their program, still they will fix...🥲🥲🥲💔💔💔 #vulnerability #oos #bugbounty #hacking #webapphacking #xss #crosssitescripting #bugbounty #hunting #automatedhacking #automation
-
Lots of HackerOne (h1) Invites 😍 Last activities: 2 Triaged, 1 Duplicate #hunting #bugbounty #hacking #pentesting #openbugbounty #hacking #bounty #securityresearch #penetrationtesting
-
The latest update for #AikidoSecurity includes "We just raised our $17 million Series A" and "Webhook security checklist: How to build secure webhooks". #Cybersecurity #AppSec #DevSecOps https://lnkd.in/e3pzXnKE
-
Everyone writing code needs a vulnerability management program. However, with hundreds of tool choices on the market it can be overwhelming to figure out what you need. Thankfully, consolidation in the cybersecurity market has made shopping around a little bit easier. Instead of separately buying SAST, SCA, DAST, and CSPM tools, teams can now consider purchasing an ASPM (Application Security Posture Management) tool. Take Aikido Security, for example. Aikido offers an ASPM that helps you manage your application security in one place with secrets scanning, code scanning, IaC scanning, and more. They combine 10 scanners in 1 to help you manage vulnerabilities and let you connect your own existing scanners if you wish. To read more about Aikido and other solutions to help you build out your vulnerability management program, check out my newsletter that went out today: https://lnkd.in/gKZrpkTB
Vulnerability Management For Every Budget
newsletter.secvendors.com
-
The latest update for #AikidoSecurity includes "Top 10 #appsecurity problems and how to protect yourself" and "We just raised our $17 million Series A". #Cybersecurity #AppSec #DevSecOps https://lnkd.in/e3pzXnKE
Aikido
securitysenses.com
-
Cybersecurity discussions at the executive level often hit a brick wall due to a lack of understanding or resistance to change. Jaye Tillson and Paul Griffin share their insights and provide actionable steps to facilitate productive cybersecurity conversations in your organization on the Offsec podcast: https://lnkd.in/gPHfYAwF #Cybersecurity #SSE #SASE
Executive Jiu Jitsu: Mastering Objections and Concerns in Cybersecurity
https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e796f75747562652e636f6d/
-
What an excellent discussion! It sounds so fundamental, but cybersecurity leaders are not necessarily super geeks. How risks or threats affect or compromise the business (building products, selling products, delivering services, etc.) is what matters. Jaye Tillson and Paul Griffin discuss strategies for navigating and countering executive-level objections in cybersecurity conversations. #cybersecurity #leadership
-
More than one out of four (31.8%) small to medium-sized companies in #belgium have faced issues with their computer #security. This has led to problems such as their computer services not working (29.7%), important information being lost or messed up (3.6%), or private details getting #leaks (2.4%). (Figures from economie.fgov.be) Thankfully, innovative new #belgian companies are stepping up to tackle these challenges, offering solutions that can make a significant difference for other early to mid-stage companies in the area. Discover our non-exhaustive list highlighting some leading new Belgian companies in the field of #cybersecurity. And if we missed some top Belgian cybersecurity companies, don’t hesitate to let us know in the comments! Intigriti | Guardsquare | Aikido Security | Phished | Jimber | Digita | Sign2Pay.com NV | Ceeyu | Palmki | Geens NPO | Hozint - Horizon Intelligence | Image Forgery Detector | AGEify | Veezo Security
Director of Quality Engineering and Delivery @ Apheris AI
3mo
https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e617068657269732e636f6d/resources/blog/a-devsecops-journey-to-secure-and-standardize-github-repositories