A selection of this week’s more interesting vulnerability disclosures and cyber security news. A very worrying discovery…

Every software team is constantly looking for ways to increase their velocity. DevOps has emerged as a leading methodology that combines software development and IT operations to shorten the system development life cycle and provide continuous delivery. However, ensuring software quality and security in a high-velocity environment can be challenging. This is where parallel testing comes into play.

Synopsys is proud to announce that we have been recognized as a Customers’ Choice vendor in the 2023 Voice of the Customer for Application Security Testing on Gartner® Peer Insights™. This distinction is a recognition of vendors in this market based on feedback and ratings from 59 verified end users of our product as of October 2023. Overall, Synopsys reviewers gave us a 4.6 out of 5, with 90% saying they would recommend our product.

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.

On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.

On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103 (CVSS: 10). The vulnerability is within the “graphapi” extension and is due to a library it relies on. The library provides a URL that when accessed discloses configuration details regarding the PHP environment including environment variables.

As your business grows and you work with more third-party vendors, you need to ensure security and stability across your entire vendor supply chain. With hundreds, if not thousands, of external vendors, it can be daunting and time-consuming for teams to compile all the necessary data about each vendor, evaluate the vendor's impact, and take action to ensure compliance with organizational needs.

The growing frequency and sophistication of cyberattacks, especially on the ransomware front, have compelled even more companies to seek cyber insurance coverage. But as the need for coverage grows, so do the complexities. Even though we’re seeing a trend in which premiums have flattened, with expectations that this will continue as a market correction occurs, significant challenges remain for companies seeking coverage.

If your credit card information is on the dark web you need to immediately contact your credit card issuer, monitor your online accounts for any suspicious activity or transactions, check your credit report and place a fraud alert on your credit report as an extra precaution. Continue reading to learn how your credit card information could have gotten on the dark web and how to keep your credit card information safe in the future.

December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.