We are excited to announce that Snyk Learn, our developer-first cybersecurity education platform, is now aligned with the National Institute of Standards and Technology's (NIST) National Initiative for Cybersecurity Education (NICE) Framework.
Today, we’re excited to launch a few new features as part of our ongoing efforts in our Software Supply Chain Security solution. These developer-first tools help you gain a better understanding of your app’s supply chain, identify potential risks, and take the necessary steps to get ahead of them.
Modern applications are built, deployed and, run in increasingly complex and dynamic environments. Assessing and prioritizing the security issues introduced by these applications without taking this context into account inevitably leads to focusing remediation efforts on the wrong set of issues. This not only results in real risk slipping under the radar but also wastes the valuable time of developers, increasing their frustration and eroding their trust in security.
As we approach the second half of 2023, both security and development teams are seeing seismic shifts in the application security world. DevOps practices continue to evolve, meaning that developers are introducing code more and more rapidly, andwith the help of AI, developers of all kinds are able to create code faster than ever. Plus, apps aren’t just made up of first-party code and third-party dependencies anymore.
The increasing adoption of software bill of materials (SBOM) standards are starting to drive better interoperability between security tools. The NTIA’s work on defining a minimum set of elements for an SBOM was a key part of that, especially with multiple formats like CycloneDX and SPDX in widespread use. But with work on SPDX 3.0 and CycloneDX 1.5 progressing, there are lots of things we can do with the SBOM formats beyond the minimum elements.
We just released parlay, a new open source tool that can enrich SBOMs with additional information. You can read more in the announcement blog post. In that post, we briefly mentioned why this is important for decision-making based on SBOM data, but thought a few quick examples might be interesting. parlay can add a lot of extra information to an SBOM, and we can use that information to write more powerful policies.
SecurityScorecard conducted an extensive investigation into the Zellis breach. This research revealed alarming insights about the scale and persistence of the attack. The data exfiltration was carried out in several steps: Netflow data from Zellis IP ranges indicated large outbound transfers over HTTPS, which pointed towards the presence of a web shell. Additionally, SecurityScorecard researchers detected exfiltration over SSH to known malicious IP addresses.
Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Based in Leuven (BE), Sweepatic is an innovative external attack surface management (EASM) platform. Gartner identified EASM as a top Security and Risk Management (SRM) trend for 2022.
On May 31, 2023, Kroll received multiple reports that a zero-day vulnerability in MOVEit Transfer was being actively exploited to gain access to MOVEit servers. Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. This vulnerability may also enable a threat actor to move laterally to other areas of the network.
Improved BlackCat ransomware variant strikes with lightning speed in stealthier attacks, Microsoft finds a macOS bug that lets hackers bypass SIP root restrictions, and Dark Pink hackers continue to target government and military organizations.
