Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

New Exchange RCE vulnerability actively exploited

Exchange admins now have another exploit to deal with despite still reeling from a number of high profile attacks this year including ProxyLogon and ProxyShell. A new high severity Remote Code Execution (RCE) exploit for on-premise Exchange Servers has been published and is being actively exploited in the wild.

ManageEngine Vulnerability Manager Plus simplifies compliance with the CIS Benchmarks

New software and assets introduced into your network are, by default, configured to be multifunctional and convenient to use, but they’re not always the most secure. IT teams also make constant changes to systems’ configurations, leading to inevitable security gaps. Maintaining secure configurations in assets and software is essential for organizations that want to avoid potential cyberattacks or face costly audit penalties.

How You Should Rank Cybersecurity Vulnerabilities

If there’s one thing you can expect from cybercriminals, it’s that they’re always looking for new ways to locate and exploit your organization’s vulnerabilities. The National Institute of Standards and Technology (NIST) defines a vulnerability as a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.”

Internal vs. External Vulnerability Scan: What Are the Differences?

Cyberattackers and hackers try to exploit security vulnerabilities to gain unauthorized access to enterprise networks. Their intentions typically include installing malware, stealing sensitive data, launching supply chain attacks, or engaging in cyber extortion or espionage.

Announcing automated fixes for vulnerabilities in .NET dependencies

We’re pleased to announce improved support for.NET applications in Snyk Open Source, allowing developers to fix vulnerabilities in.NET dependencies with the help of actionable advice and automated pull requests! As of the time of writing, NuGet, the Microsoft-supported and de-facto standard package manager for.NET, has 276,266 unique packages, downloaded on average more than a billion times a week!

What is Common Vulnerability Scoring System (CVSS)?

Given the large and growing number of cyber attacks that exploit software vulnerabilities, vulnerability management is critical. A variety of unintended consequences can result from misjudging the severity of an existing vulnerability. Legal battles, financial losses, and reputational damage are all possible outcomes for a business. To combat today's modern cyber security challenges, it's critical to have a vulnerability management program in place.

TensorFlow Python Code Injection: More eval() Woes

JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with Tensorflow, a popular Machine Learning platform that’s widely used in the industry. The issue has been assigned to CVE-2021-41228. This disclosure is hot on the heels of our previous, similar disclosure in Yamale which you can read about in our previous blog post.

The Benefits and Challenges of Reporting vs. Remediation with SBOMs

As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications.