Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Windows Downdate: Downgrade Attacks Using Windows Updates

Downgrade attacks—also known as version-rollback attacks—are a type of attack designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.

Asset and Inventory Management - The Foundation of the Vulnerability Management Lifecycle

Organizations face a myriad of cybersecurity threats that can compromise sensitive data and disrupt operations. A cornerstone of defending against these threats is an effective vulnerability management program. This program’s first, and arguably most critical, step is strong asset and inventory management. A thorough and accurate asset inventory is essential for identifying and mitigating vulnerabilities.

A security expert's view on Gartner's generative AI insights

Snyk’s goal has always been to empower developers to build fast but safely. This is why we created the developer security category and why we were amongst the first advocates of “shifting left.” Now, AI has changed the equation. According to Gartner, over 80% of enterprises will have used generative AI APIs or models, or deployed their own AI model, by 2026.

Samsung Introduces Million-Dollar Bug Bounty for Critical Galaxy Vulnerabilities

Samsung has introduced a groundbreaking bug bounty program offering up to $1,000,000 for discovering critical vulnerabilities in its mobile devices. This initiative, named the 'Important Scenario Vulnerability Program (ISVP),' underscores Samsung's commitment to bolstering the security of its Galaxy devices. The program focuses on vulnerabilities related to arbitrary code execution, device unlocking, data extraction, arbitrary application installation, and bypassing device protections.

Tech Analysis: Addressing Claims About Falcon Sensor Vulnerability

CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.

Application vulnerability management best practices

Over the years, application vulnerability management has been vital to DevSecOps — which emphasizes shared security responsibility across teams. However, as development practices have evolved, security teams must learn how to adapt and meet developers within their existing workflows. For example, containerization, infrastructure as code (IaC) AI coding assistants, and increased reliance on third-party code are all commonplace in the typical development lifecycle.

Mastering Best Practices for Vulnerability Management

Understanding vulnerability management is crucial for maintaining the security of your systems. It involves identifying, assessing, and mitigating vulnerabilities that exist within your network, applications, and infrastructure. By gaining a deep understanding of vulnerability management, you can effectively prioritize and address security risks. One key aspect of vulnerability management is conducting regular vulnerability assessments.

Trustwave Managed Vulnerability Scanning Shines a Light on Vulnerabilities

The digital landscape constantly shifts, presenting exciting opportunities and lurking threats for businesses of all sizes. In this ever-evolving environment, maintaining a secure network is no longer a luxury; it's a necessity. However, achieving true security requires more than just firewalls and antivirus software. It demands a comprehensive understanding of your network's vulnerabilities – the chinks in your digital armor that attackers could exploit.

LLM Security: Splunk & OWASP Top 10 for LLM-based Applications

As a small kid, I remember watching flying monkeys, talking lions, and houses landing on evil witches in the film The Wizard of Oz and thinking how amazing it was. Once the curtain pulled back, exposing the wizard as a smart but ordinary person, I felt slightly let down. The recent explosion of AI, and more specifically, large language models (LLMs), feels similar. On the surface, they look like magic, but behind the curtain, LLMs are just complex systems created by humans.