One of the main goals of this research was to explore C/C++ vulnerabilities in the context of NodeJS npm packages. The focus will be on exploring and identifying classic vulnerabilities like Buffer Overflow, Denial of Service (process crash, unchecked types), and Memory Leakages in the context of NodeJS C/C++ addons and modeling relevant sources, sinks, and sanitizers using Snyk Code (see Snyk brings developer-first AppSec approach to C/C++).

As your organization considers how to shift security left and facilitate shared responsibility for fixing issues, it can be tricky to know where to start. Which tooling will work best with your existing processes? What are the best ways to spread the word about the importance of application security? And once you’ve chosen tools, how do you actually get developers to use them?

In 2024, the Australian government introduced PSPF Direction 001-2024 in recognition of the potential threats posed by Foreign Ownership, Control, or Influence (FOCI) on technology assets and GovTech (government technology operations). As part of the Protective Security Policy Framework (PSPF), PSPF 001-2024 is a crucial step in evaluating and mitigating cyber risks associated with foreign interference in the procurement and maintenance of technology assets.

As you’re browsing the internet on your phone, you encounter a pop-up message saying, “Your iPhone has been hacked!” The message claims your device has been infected with malware. Is this message even real? No, pop-ups claiming that your iPhone has been hacked are not real. These kinds of pop-ups are scams that cybercriminals create intending to scare you into clicking them. After you click on these pop-ups, malware can start downloading on your device.

SharpRhino RAT threatens IT admins, ransomware gangs ramp up pressure on targets, and a new phishing scam leverages Google Drawings and WhatsApp links.

This post is based on ongoing security research – the post will continue to be updated as we get additional information… A critical vulnerability has just been announced in Ivanti’s Virtual Traffic Manager (vTM) that allows unauthenticated remote attackers to create administrator users.

As companies build more cloud-native apps, securing them across different infrastructures becomes a challenge. Cloud-native apps leveraging different deployment environments such as on-premises, public cloud, or hybrid have different security challenges as they are scaling, interoperable, and cost-effective.

A critical problem for security and legal professionals who manage supply chain risk is that cybersecurity risks are dynamic and always shifting. You have done your due diligence and selected a vendor with strong cybersecurity controls – but how can you guarantee that your vendor maintains this type of security hygiene and doesn’t become a target and a “weak link” in your supply chain?

SecurityScorecard is excited to announce that we are now an AWS OMNIA partner. This unlocks a critical opportunity for the 90,000 buying organizations that make up the OMNIA partner network to reduce and manage Supply Chain Cyber Risks. The third party attack surface is a fast growing risk vector and SecurityScorecard offers an industry leading solution to help organizations combat these threats.

The most secure browsers depend on your security preferences and what you’re looking for in your browsing experience, but we suggest Chrome for its incognito mode, Firefox for its anti-tracking systems and DuckDuckGo for its privacy settings. Depending on the kinds of security features you need, each browser below has its own strengths and weaknesses. No matter which web browser you use, you should look for several safety features that protect your private data.