Vulnerability

Dev-First Prevention Strategies

Feb 3, 2023 By Snyk In Snyk

Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers. This dynamic is often based on prior experience with legacy security systems that focus almost solely on the needs of security and fail to support developers in this process.

View Video

Snyk

Read more about Dev-First Prevention Strategies

AppSec Decoded: Takeaways from the 2022 "Software Vulnerability Snapshot"report | Synopsys

Feb 3, 2023 By Synopsys In Synopsys

Watch the second episode to uncover the major takeaways including the so-called low-risk software vulnerabilities to common software supply chain attacks, and more.

View Video

Synopsys

Read more about AppSec Decoded: Takeaways from the 2022 "Software Vulnerability Snapshot"report | Synopsys

Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

Feb 2, 2023 By Trustwave In Trustwave

During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users. CrushFTP is a secure high- speed file transfer server that runs on almost any OS. It handles a wide array of protocols, and security options. CrushFTP stores details of registered users within the filesystem in the users/MainUsers directory.

Read Post

Trustwave

Read more about Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability

Feb 2, 2023 By James Liolios In Arctic Wolf

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Read Post

Arctic Wolf

Read more about CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability

4 application security bad habits to ditch in 2023 (and best practices to adopt instead)

Feb 2, 2023 By Belyn Lai In Snyk

Regardless of how last year went, a few things probably come to mind that you’d like to leave in 2022. Maybe it’s a bad habit you’d like to drop or a mindset you’d like to change. But speaking of ditching bad habits, some poor cloud application security practices shouldn’t carry over to 2023 either!

Read Post

Snyk

Read more about 4 application security bad habits to ditch in 2023 (and best practices to adopt instead)

4 Categories of Container Security Vulnerabilities (& Best Practices to Reduce Risk)

Feb 2, 2023 By Sarah Zipkin In Veracode

Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. The ability to easily package and deploy code has changed the way that organizations work with applications. But like with Windows servers years ago, or AWS today, any time one specific technology gains a significant portion of the market share, it becomes a target for attackers.

Read Post

Veracode

Read more about 4 Categories of Container Security Vulnerabilities (& Best Practices to Reduce Risk)

CTI Roundup: Threat Actors Use Sliver C2 Framework

Feb 1, 2023 By Tanium In Tanium

Sliver’s growing popularity as an open-source C2 framework, Emotet’s comeback and new evasion techniques, and how Chinese hackers exploited a Fortinet flaw using a 0-Day.

Read Post

Tanium

Read more about CTI Roundup: Threat Actors Use Sliver C2 Framework

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Feb 1, 2023 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Snyk Workflows - Basic Workflows (IDE & CLI)

Feb 1, 2023 By Snyk In Snyk

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. The first session covers basic workflows in the IDE and CLI. You’ll learn to proactively plan how to leverage Snyk in different places and different ways. We will cover basic workflows and how to use them, as well as quick tips.

View Video

Snyk

Read more about Snyk Workflows - Basic Workflows (IDE & CLI)

When is the right time for vulnerability scanning?

Feb 1, 2023 By Vanta In Vanta

All it takes for cybercriminals to breach your mission-critical networks, database, and IT systems is a single unpatched vulnerability. To prevent this and maintain good cyber hygiene, you need to obtain real-time vulnerability data. ‍ Vulnerability scans generate a lot of data that when analyzed reveal several security flaws.

Read Post