Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2022

5 Vulnerability Assessment Scanning Tools: 5 Solutions Compared

Vulnerability assessments define, identify, classify, and prioritize flaws and vulnerabilities in applications, devices, and networks that can expose organizations, their products, services, code, and applications, to attack. Security vulnerabilities allow malicious actors to exploit an organization’s applications and systems, so it is essential to identify and respond to them before attackers can exploit them.

Cybernews/ WhiteSource: It's No Longer a Matter of 'If', but 'When' an Organization Will Be Targeted by Threat Actors

From ransomware and viruses to data breaches, there are many types of security threats to look out for. Because they’re becoming more complex, it’s getting more difficult to secure your organization and avoid the financial and reputational consequences. While some organizations use traditional security measures, such as encrypting data or using antivirus software, businesses should also take a look at more advanced solutions, such as open source security and license management services.

Software Supply Chain Security: The Basics and Four Critical Best Practices

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution

Over the past week, the WhiteSource security team has found several instances of packages that use unusual techniques to disguise malicious intent. These techniques differ from what we have usually seen in the past, such as base64 and JS obfuscation. This time, we are seeing a malicious actor use hex encoding to hide the malicious behavior of the package.

Microsoft: Faster, Secure Open Source Code with WhiteSource

WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters.

Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. WhiteSourceSoftware.com

Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

With more than 38 percent of our customers impacted by the recently discovered Spring4 Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all their vulnerable libraries, I have been involved in many conversations over this incident.

Automated Software Supply Chain Attacks: Should You be Worried?

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.