Over the last year, many of us have been introduced to the term “Software Supply Chain”. For better or worse, it is now part of our defense vernacular and won’t be going away any time soon. If anything, it has consumed us in many ways and has been the cause of many nights of lost sleep. Well, that could just be us on the SURGe team here at Splunk.

The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues – CVE-2021-37136.

Not every organization is - or even wants to be - a Fortune 500. Unfortunately, cybercriminals don’t care how big your company is. In fact, they often look to target small and midsize businesses (SMBs) knowing that they might have fewer security resources. You have the same problems that the big companies have, but you also have less money and people. Using centralized log management can give you the security solution you need, at a price you can afford.

In 1970, the world experienced its first “cyber attack” – What first started as a harmless joke, paved the way for a new wave of criminality - cybercrime. Since then, attacks have become more sophisticated with the use of malware, ransomware, and phishing attacks, among many others. In fact, according to Security Magazine, today’s hackers attack computers with Internet access every 39 seconds on average.

iOS is the operating system which powers Apple’s iPhone devices, and includes the special version iPadOS which runs on iPads. Apple claims it to be particularly secure, at least partly as a result of the limitations they place on what it is able to run. But regardless of how secure the OS is, apps built for it still need to be written in a secure way. Getting it wrong will leave your customers vulnerable.

BazarLoader (sometimes referred to as BazaLoader) is a popular downloader among criminals, used to distribute multiple malicious payloads including Ryuk and Conti ransomware. According to a recent report by Phishlabs, during Q3 2021 this malware accounted for 24.7% of all attacks, earning the unwelcome accolade of being the most common payload.

ISO/IEC 27001, commonly referred to as ISO 27001, is the most widely adopted international standard for managing data security and information security through an information security management system (ISMS). The standard was first published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001:2013 is the latest revision to the standard.

Technology has become an essential part of daily life. From the way we get around to the things we buy, computers are at the forefront of change. This is especially true for vehicles. Vehicle technology has evolved dramatically over recent decades. The latest iteration of vehicle remodelling in the automobile industry is heavily software-focused, from autonomous and connected vehicles to electric vehicles and car-sharing.

Following a series of headline-grabbing ransomware attacks that disrupted critical services in the US, FBI Director Christopher Wray likened the threat posed by ransomware to the September 11 terrorist attacks of 2001. According to Wray, recent attacks against one of the largest oil pipeline operators in the United States and a major meat processing operation may be just a harbinger of what is to come.

Over seven years later, the Heartbleed vulnerability still offers important lessons in application security. Heartbleed is a serious vulnerability discovered in the openssl open source software component in April 2014. This article is a deep dive on Heartbleed and its broader implications for application security.