Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

In a world driven by digital business, enterprise security needs to be continuously monitored and improved to keep up with evolving cyber-threats and to ensure data protection across the web. As the corporate, office-based workforce evolves to become more permanently remote, increased access control to business assets is needed for those both within and outside of the company network.

An industry with a vast amount of disciplines and specialisations is likely to make newcomers apprehensive when starting. An individual may consider the many paths they wish to walk down and become encumbered with feelings of fear and doubt in their abilities. This is a position that many cyber-security professionals are likely to find themselves in.

For the average person, “traditional hacking” isn’t really an ever-present threat. It’s unlikely that a hacker will ever try to track you down, steal one of your devices, and bypass whatever you’ve set up to protect your personal data. Social engineering, on the other hand, is an increasingly common security threat that you’ve probably encountered many, many times before.

With the release of our new Badges feature, you can add a “Seal of Trust” to your website so your partners can easily see a snapshot of your security health.

2021 broke new ground in terms of cybersecurity, and much was ground just as well left unbroken. With no indication that ransomware, data breaches, and assorted malware will go away soon, the new year is a time for organizations to get a fresh start and really fortify themselves against a widening field of threats. One month in, we've already seen a disturbing array of attacks, from those on political targets to distressing new malware to a breach of exceptional sensitive information.

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Something that always surprises me that still happens…. You put something on the Internet and don’t secure it, you do know what is going to happen right? Evidently people still think no one will find them.

When it comes to protecting personal healthcare information or a medical facility from cyberattacks or data breaches, the first step that must be taken is a thorough and exhaustive data assessment. The data assessment will provide your organization with a complete understanding of: Why? Because a cybersecurity team cannot be expected to protect something if it does not know it exists in the first place.