Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

cyphere

The top 10 network security vulnerabilities for businesses in 2021

Jun 3, 2021 By Editor In Cyphere

As per UK DCMS’s data breaches survey, about 32% of businesses in the UK have faced a form of cybersecurity threat between 2018 and 2019. As a result of these network security vulnerabilities, these businesses incurred costs on lost data and many other damages that totalled £4,180.

Read Post
Snyk

Mitigating and remediating intent-based Android security vulnerabilities

Jun 2, 2021 By Kirill Efimov, Raul Onitza-Klugman In Snyk

In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code.

Read Post

Outpost24 - Full stack vulnerability management and security assessment

Jun 1, 2021 By Outpost 24 In Outpost 24
We don’t think it’s fair that businesses are targets of cybercriminals. That's why we’ve created the most complete security assessment platform to help our customers tighten their 'full stack' security exposure before their business can be disrupted.
View Video
Axis Security

The SolarWinds Vulnerability

Jun 1, 2021 By Axis Security
Before the ink was even dry on the SUNBURST headlines, another threat campaign ("SUPERNOVA"), run by a different threat actor, was discovered. This paper addresses the SolarWinds authentication bypass vulnerability, how SUPERNOVA exploits that vulnerability, and one way organizations can protect themselves against attacks like SUPERNOVA.
Get White Paper
Snyk

Snyk uncovers supply chain security vulnerabilities in Visual Studio Code extensions

May 26, 2021 By Liran Tal In Snyk

We have been witnessing an ever growing amount of supply chain security incidents in the wild. Everything from open source package managers security flaws being exploited to continuous integration systems being compromised to software artifacts being backdoored. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.

Read Post
Snyk

Deep dive into Visual Studio Code extension security vulnerabilities

May 26, 2021 By Raul Onitza-Klugman, Kirill Efimov In Snyk

To stay ahead of attackers, we constantly monitor various security threats. One of these threats — supply chain attacks — aims to compromise an organization through its software development process. Recently, a huge spike in supply chain attacks was observed — dependency confusion was discovered, the SolarWinds breach was reported and more malicious packages were flagged. This certainly drew our attention (as well as the rest of the world’s)!

Read Post
sysdig

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

May 24, 2021 By Stefano Chierici In Sysdig

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.

Read Post
Subscribe to Vulnerability

Copyright © 2024 OpsMatters™. All rights reserved.