Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Windows Downdate Attacks, Quick Share Vulnerability Exploit, and More: Hacker's Playbook Threat Coverage Round-up: August 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats, including those discovered via original research by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

A developer's best friend: Lessons learned from our canine companions about AI code security

Happy International Dog Day! This official holiday celebrates our furry friends and the joy they bring to our lives! Today is particularly special for all of us at Snyk because of our four-legged mascot, Patch the Doberman. But what exactly does a dog have to do with application security? Here at Snyk, we see the idea of a “guard dog” protecting someone’s home as similar to how AppSec solutions can protect today’s development practices.

The Hidden Risks of Internet of Bodies (IoB): Cybersecurity in Healthcare Devices

The Internet of Bodies, or IoB, represents a groundbreaking shift in the healthcare industry, connecting vital health management devices like pacemakers, insulin pumps, and health monitors to the Internet. While these advancements come with many remarkable benefits, they also expose these essential devices to new cybersecurity vulnerabilities.

Navigating the AI-powered development era in financial services

Australian and New Zealand financial service institutions (FSIs) are facing pressure to innovate quickly while maintaining robust security and regulatory compliance. Many, like ANZ Bank and Commonwealth Bank, are exploring Generative AI to accelerate software development, but is it a silver bullet?

Google Fixes Actively Exploited Chrome Vulnerability

Google has recently released an urgent security update to fix a high-severity vulnerability in its Chrome browser. This flaw, identified as CVE-2024-7971, has been actively exploited by attackers, posing a significant risk to users. The vulnerability, rooted in the V8 JavaScript and WebAssembly engine, could allow remote attackers to execute harmful code via specially crafted web pages. As cyber threats continue to evolve, it is crucial for users to stay informed and ensure their browsers are up to date.

Elevate Your Security Strategy with Effective Vulnerability Prioritization

Vulnerability prioritization is essential for organizations to efficiently allocate resources, reduce risk, and protect critical assets. However, with an increasing number of vulnerability scanning tools in use, security teams face a growing backlog of findings. This overwhelming volume of data can lead to analysis paralysis, where critical vulnerabilities remain unaddressed while minor issues consume valuable time and resources.

CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk

On August 21, 2024, SolarWinds released a second hotfix for SolarWinds Web Help Desk (WHD) version 12.8.3. This hotfix addresses a newly disclosed hardcoded credential vulnerability (CVE-2024-28987) that allows a remote, unauthenticated attacker to access internal functionality and modify data. Additionally, the hotfix resolves the Java deserialization remote code execution (RCE) vulnerability (CVE-2024-28986) disclosed the previous week and fixes functionality issues introduced by the first hotfix.

Three trends shaping software supply chain security today

Building software continues to look like an assembly line, with developers pulling resources from across the web to create applications. Although third-party resources have played an essential role in developing software for many years, the way that development teams use these external components looks different today.

CVE-2024-6800: Critical Authentication Bypass Vulnerability Affecting GitHub Enterprise Server

On August 20, 2024, GitHub released security fixes for a critical authentication bypass vulnerability in GitHub Enterprise Server, identified as CVE-2024-6800. GitHub Enterprise Server is a self-hosted version of GitHub, designed for organizations to manage and collaborate on code securely within their own infrastructure. This vulnerability affects instances using SAML single sign-on (SSO) with certain identity providers (IdPs) that publicly expose signed federation metadata XML.

Five Key Findings from the Inaugural EPSS Report

Last month, Cyentia and First.org published the inaugural Exploit Prediction Scoring System (EPSS) performance report. The report goes beyond just assessing the EPSS predictive scoring model. It looks at historical vulnerability data and published CVEs, as well as provides comparisons to the other popular scoring models: CVSS and CISA-KEV.