
Latest News

Cybersecurity Predictions for 2024 and Beyond

Many of us took ChatGPT for a first-time spin just 12 months ago. Then someone hit the speed multiplier button, and just like that, we’re exiting 2023 with whiplash. Generative artificial intelligence’s (GenAI) breakout year was both exciting and unnerving for cybersecurity professionals who understand that technological change and cyber risk are inextricable.

Exploring WebExtension security vulnerabilities in React Developer Tools and Vue.js devtools

Snyk's security researchers have conducted research to better understand the risks of WebExtensions, both the well-known classes (e.g. XSS, code injection) and those more specific to WebExtensions themselves. From our research we identified and disclosed vulnerabilities within two popular browser extensions: React Developer Tools and Vue.js devtools. In this post, we will explore the WebExtension technology and look into the vulnerabilities identified.

Gift cards or data theft? Ensuring safe online shopping this festive season

Gift cards have become a go-to Christmas present for many people, but their dramatic rise in popularity has also made them a prime target for attackers. Gift cards are such a popular present because they are practical: when you are not sure what to buy someone, a gift card is an easy and accessible way to show them how much you appreciate them.

Consolidate insight to enhance risk management

As the digital revolution has unfolded, the dramatic increase in the amount of code written, borrowed, and bought means that the attack surface has also increased dramatically. Software proliferation creates challenges for teams that must keep up with innovation while also securing their software.

NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks

In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points.

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the Fortune 500 and 1000 power entities.

How to Create an Effective Vendor Onboarding Policy

Forming partnerships with new vendors can be a complicated and risk-intensive process for any organization. The best way to manage the risks associated with new partnerships and establish successful vendor management practices is to create an effective vendor onboarding policy. Organizations create vendor onboarding policies to standardize the onboarding process, streamline vendor evaluation, and manage vendor risk and vendor compliance.

LDAP Cybersecurity Risks and Prevention Techniques

LDAP, which stands for Lightweight Directory Access Protocol, is an open, vendor-neutral application protocol for distributed directory services and user authentication. This article provides a brief overview of LDAP uses, followed by a description of LDAP exposure risks and cybersecurity protection strategies.

CVE-2023-43177: Critical Unauthenticated RCE Vulnerability in CrushFTP

On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting CrushFTP versions prior to 10.5.1. The vulnerability has since been tracked as CVE-2023-43177, and on November 16 the security researchers at Converge published a blog post sharing their findings. CVE-2023-43177 is a mass assignment vulnerability in how CrushFTP parses request headers for the AS2 protocol. Successful exploitation could lead to unauthenticated remote code execution (RCE).
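The bug class named above, mass assignment driven by request headers, as an added illustrative example in Python. This is not CrushFTP's code and says nothing about its actual internals: the header names, the `SessionSettings` fields (including the hypothetical `allow_remote_admin` flag) and the coercion rules are all assumptions chosen to show the pattern. The vulnerable handler copies any header whose name matches an internal field; the hardened handler only accepts an explicit allowlist.

```python
"""Mass assignment from request headers: vulnerable handler beside a hardened one.

Added example, not CrushFTP's code.  All header names, field names and the
sample request below are constructed for illustration.
"""
from dataclasses import dataclass

# Hypothetical per-connection state.  The first two fields are meant to be
# set from AS2-style headers; the last two are internal and must never be
# writable by an unauthenticated client.
@dataclass
class SessionSettings:
    as2_from: str = ""
    as2_to: str = ""
    user: str = "anonymous"
    allow_remote_admin: bool = False

# Fields a client is legitimately allowed to populate from headers.
CLIENT_SETTABLE = frozenset({"as2_from", "as2_to"})


def parse_headers(raw: bytes) -> dict:
    """Minimal HTTP header parser: skips the request line and returns a
    dict of lower-cased header names to stripped values."""
    lines = raw.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:          # lines[0] is the request line
        if not line:                # blank line ends the header block
            break
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def _coerce(current, value: str):
    """Convert the header string to the type of the field it will overwrite."""
    if isinstance(current, bool):
        return value.strip().lower() == "true"
    return type(current)(value)


def apply_headers_vulnerable(settings: SessionSettings, headers: dict) -> SessionSettings:
    """VULNERABLE: any header whose name matches a field overwrites it.
    A client that sends 'Allow-Remote-Admin: true' flips an internal flag."""
    for name, value in headers.items():
        key = name.replace("-", "_")
        if hasattr(settings, key):
            setattr(settings, key, _coerce(getattr(settings, key), value))
    return settings


def apply_headers_safe(settings: SessionSettings, headers: dict) -> SessionSettings:
    """HARDENED: only an explicit allowlist of fields is assignable from headers;
    everything else is ignored regardless of what the client sends."""
    for name, value in headers.items():
        key = name.replace("-", "_")
        if key in CLIENT_SETTABLE:
            setattr(settings, key, _coerce(getattr(settings, key), value))
    return settings


# Constructed request: legitimate AS2 headers plus two that target internal fields.
SAMPLE_REQUEST = (
    b"POST /as2 HTTP/1.1\r\n"
    b"Host: files.example.invalid\r\n"
    b"AS2-From: partner\r\n"
    b"AS2-To: local\r\n"
    b"User: admin\r\n"
    b"Allow-Remote-Admin: true\r\n"
    b"\r\n"
)


def demo() -> tuple:
    """Run both handlers over the sample request and return the two results."""
    headers = parse_headers(SAMPLE_REQUEST)
    return (apply_headers_vulnerable(SessionSettings(), headers),
            apply_headers_safe(SessionSettings(), headers))


if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable:", vuln)
    print("hardened:  ", safe)
```

The fix is not in the parser but in the binding step: an allowlist of client-settable fields, checked at the point of assignment, is what stops arbitrary header names from reaching internal state.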