Log4Shell Deep Dive
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Security
Snyk + Dynatrace workshop: Integrating for real-time vulnerability detection
Since 2019, Snyk and Dynatrace have partnered with a shared mission of securing the entire software development lifecycle (SDLC) and accelerating digital transformation. As many agile organizations migrate their workloads to the cloud, it’s tempting for teams to let security take a back-seat until all the pieces of the infrastructure puzzle are in place.
Happy holidays from 1Password
Forget hunting down the WiFi password, ‘tis the season to invite your loved ones to 1Password Families.
Arctic Wolf Cloud Detection and Response
Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.
Arctic Wolf Releases Open Source Log4Shell Detection Script
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs SecOps staff must regularly implement to keep adversaries from infiltrating their organizations’
Securing Microservices-Based Apps with Dynamic Traffic Authz
Learn how to tightly control traffic flow to, from and between microservices with Styra Declarative Authorization Service (DAS) & Kong Mesh. When it comes to the digital transformation journey, teams are often faced with distributed software architectures in order to accelerate innovation and reduce costs. With Styra Declarative Authorization Service (DAS) now integrated with Kong Mesh, teams have the collaboration tools and visibility required to manage service mesh traffic via Open Policy Agent (OPA) at a global scale.
Weekly Cyber Security News 17/12/2021
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. If you have been (luckily) hiding under a stone this week you might not be aware of a major global infosec disaster that has been on going unfolding since last weekend. As usual it is a key component included in so many other products that has a 0-day. You might want to check Twitter right away…