As technology folks, we are often under a lot of pressure to fix some deployed code, update an infrastructure component, or patch some code. Often it’s with little notice and needs to be done 5 minutes ago. The gamble with any “zero turnaround” is the rush to fix now vs. taking the time to test and check.
Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to critical applications and infrastructure.
CVE-2022-23628 was published last week by the Open Policy Agent (OPA) project maintainers after a user reported unexpected behavior from a policy bundle that was built with optimizations enabled. The problem stemmed from a regression fix in the v0.33.1 release that addressed incorrect pretty-printing of Rego object literals by the `opa fmt` command and the underlying `format` package.
When it comes to making business decisions about new technologies and software adoption into your organization – it’s vital to work with your security team to balance the need for speed without sacrificing security.
Photo by ThisIsEngineering from Pexels Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail.
Today, I am excited to announce Snyk’s acquisition of Fugue and welcome their team to the Snyk family. The addition of Fugue to Snyk’s platform will allow us to continue our mission to help developers find and fix security issues in the applications they create, by providing visibility into the security of applications and the cloud services they use. But it’s about more than just visibility of the cloud posture.
Magento has been a much used and loved e-commerce platform since its initial release in 2008. One of the things I’ve always loved about Magento is its ability to grow as ecommerce businesses grow. Starting as a self-hosted version (which I’ve used extensively as a developer over the years), Magento now has clear support and management options available via Adobe or third party ecosystem partners.
Despite growing awareness and prioritization of cybersecurity, close to 22,000 vulnerabilities were published in 2021 alone. This concerning number proves that awareness and a willingness to invest in cybersecurity aren’t always enough to protect your organization’s network, and that network vulnerability is far from a problem of the past. To protect your networks, you need to continually monitor and assess their potential vulnerabilities to guarantee security.
Despite growing awareness and prioritization of cybersecurity, close to 22,000 vulnerabilities were published in 2021 alone. This concerning number proves that awareness and a willingness to invest in cybersecurity aren’t always enough to protect your organization’s network, and that network vulnerability is far from a problem of the past. To protect your networks, you need to continually monitor and assess their potential vulnerabilities to guarantee security.