Veracode Scan for VS Code was one of the big hits on the expo floor at the RSA Security conference in May this year. People liked the integration of Veracode Static, Veracode SCA, and Veracode Fix into a single extension, giving developers the tools to scan their code and resolve problems with AI assistance while they are actively developing code.

Vanta has helped auditors automate and simplify thousands of compliance audits, and we’re now making the process even easier. Today we’re excited to share that we’ve added new endpoints for auditor tools to the Vanta API, leading to a better collaboration experience for auditors and customers. ‍ With our new API endpoints, audit partners can integrate their tools with Vanta, allowing them to work in their preferred systems.

Qilin (also known as Agenda) is a ransomware-as-a-service criminal operation that works with affiliates, encrypting and exfiltrating the data of hacked organisations and then demanding a ransom be paid.

According to the CrowdStrike 2024 Global Threat Report, the fastest recorded eCrime breakout time was just 2 minutes and 7 seconds in 2023. This underscores the need to equip security analysts with modern tools that level the playing field and enable them to work more efficiently and effectively.

Businesses of all shapes and sizes can fall victim to data breaches. Unfortunately, even with the best privacy and security measures in place, hackers are continually becoming more skilled at beating them. A well designed and implemented data breach response plan is essential if businesses are to minimize the effect of data breaches and protect their reputation. Not only that, but they can reduce the financial damage to the business and better position the organization for recovery.

CodeSecDays provided an invaluable platform for the French AppSec community to come together, share insights, address challenges, and explore best practices for securing digital infrastructures. Here are the key highlights.

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.

CVE-2024-32002 was published on May 15, 2024 and is affecting versions of Git SCM. The vulnerability exploits a bug where Git can be fooled into writing files into a.git/ directory instead of a submodule's worktree. To fully mitigate this vulnerability additional steps need to be taken beyond updates.