In recent years, blockchain technology has garnered significant attention thanks to its remarkable tamper-proof features and robust security. It is also expected that the blockchain technology market will exceed 1.2 billion US dollars by 2030, with an annual growth rate of 82.8 percent. However, recent headlines have exposed numerous vulnerabilities and cyberattacks targeting blockchain technology.

On October 16, 2023, Cisco published a security advisory regarding an actively exploited and unpatched privilege escalation vulnerability in the Web UI feature of the Cisco IOS XE operating system, both physical and virtual. The vulnerability could allow a remote, unauthenticated threat actor to create an account with maximum privileges (privilege level 15 access) on the affected device. Due to these factors, Cisco has given this vulnerability the maximum possible CVSS score of 10.

On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue lies in the Access Control Lists (ACL) within ServiceNow that if misconfigured could result in unauthenticated threat actors being able to access data. The issue was discovered by a security engineer at AppOmni, and was disclosed in a blog to the public on October 14, 2023.

We just released a new Snyk Partner Speak Video to showcase Snyk and Slack’s joint integration that enables you to view and use Snyk data on Slack channels. The new Snyk App for Slack provides notifications within the channels your teams rely on most to address security issues in your code, open source dependencies, containers, and cloud infrastructure.

As the world embraces the power of artificial intelligence, large language models (LLMs) have become a critical tool for businesses and individuals alike. However, with great power comes great responsibility – ensuring the security and integrity of these models is of utmost importance.

On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our Security Incident Response Team’s (SIRT) real-time detection and prompt response enabled containment and minimized the impact to Cloudflare systems and data.

In an evolving era of Artificial Intelligence (AI) and Large Language Models (LLMs), innovative tools like GitHub's Copilot are transforming the landscape of software development. In a prior article, I published about the implications of this transformation and how it extends to both the convenience offered by these intelligently automated tools and the new set of challenges it brings to maintaining robust security in our coding practices.

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.

In our connected world, securing digital data has become an utmost priority. With the wide spread of Java applications in various sectors, from banking to healthcare, we must emphasize the importance of encryption. Encryption is converting readable data or plaintext into unreadable data or ciphertext, ensuring that even if encrypted data is intercepted, it remains inaccessible to unauthorized individuals.

In vulnerability management (VM), the task of sifting through vast amounts of data to pinpoint critical insights can feel like searching for a needle in a haystack, specifically a haystack with many precious needles that all look alike. And, of course, the one needle you’re looking for is mission-critical and can mean the difference between securing your business and leaving it open to attack.