Vulnerability

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Dec 14, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Instilling a Higher Level of Trust: Miles & Stockbridge

Dec 14, 2022 By Centripetal In Centripetal

In this day and age securing data and ensuring clients are confident in their information being protected is imperative to build trust. So when integrating solutions how can you make sure that not only is data secure, but that you continue to increase bandwidth within your organization and mitigate future possible vulnerabilities?

View Video

Centripetal

Read more about Instilling a Higher Level of Trust: Miles & Stockbridge

Introducing Third-Party Vulnerability Detection

Dec 13, 2022 By BitSight In BitSight

Learn how Bitsight Third-Party Vulnerability Detection empowers third-party risk professionals to find and remediate threats - including major security events - more quickly within their vendor portfolio. Identify exposure and mitigate risk more easily with critical insights into the impact on your organization’s third parties.

View Video

BitSight

Read more about Introducing Third-Party Vulnerability Detection

2023 Cybersecurity Predictions

Dec 13, 2022 By Outpost 24 In Outpost 24

In light of the numerous large-scale cyberattacks witnessed in the last year, 2023 promises to be an exciting time for cybersecurity. Outpost24 experts share their thoughts on what we can expect in the new year, and how to best prepare against new threats.

Read Post

Outpost 24

Read more about 2023 Cybersecurity Predictions

Azure Bicep security fundamentals

Dec 13, 2022 By Mark Johnson In Snyk

Azure Bicep is getting more popular by the day and is rapidly becoming the replacement for Azure Resource Manager (ARM) templates. In this post, I am going to go over some security fundamentals when using Bicep. If you are not familiar with Bicep then I recommend taking a look at the Microsoft Learn documentation to find out more.

Read Post

Snyk

Read more about Azure Bicep security fundamentals

Continued Exploitation and Evolution of ProxyShell Vulnerabilities - The Monitor, Issue 22

Dec 13, 2022 By Kroll In Kroll

In August 2021, threat actors started to exploit ProxyShell vulnerabilities in certain Microsoft Exchange Server versions. Today, not only is Kroll seeing actors continue to leverage ProxyShell in larger network intrusions but also now organizations must also be on guard for the so-called ProxyNotShell vulnerabilities, which surfaced in September 2022.

Read Post

Kroll

Read more about Continued Exploitation and Evolution of ProxyShell Vulnerabilities - The Monitor, Issue 22

CrowdStrike Services Helps Organizations Prioritize Patching Vulnerabilities with CrowdStrike Falcon Spotlight

Dec 13, 2022 By Steven Alexander In CrowdStrike

When the CrowdStrike Services team conducts a proactive security engagement, such as a Cybersecurity Maturity Assessment or Tabletop Exercise, it often uses CrowdStrike Falcon® Spotlight to identify what vulnerabilities exist in the environment. Unfortunately, this can be a disheartening experience, as many organizations we see have millions, even tens of millions, of unpatched vulnerabilities. It’s typical to see at least a quarter of those listed with a CVSS rating of Critical.

Read Post

CrowdStrike

Read more about CrowdStrike Services Helps Organizations Prioritize Patching Vulnerabilities with CrowdStrike Falcon Spotlight

OpenAI (ChatGPT) Vulnerability Remediation Concept Work

Dec 13, 2022 By Kondukto In Kondukto

Kondukto integrates with OpenAI and gets vulnerability remediation advice for all your security testing results on this concept work. OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman and Elon Musk, and many others. ChatGPT grabbed 1M people's attention in the first six days, and unbelievable AI & Human conversations screenshots are still getting shared.

View Video

Kondukto

Read more about OpenAI (ChatGPT) Vulnerability Remediation Concept Work

AWS re:Invent 2022: How Neiman Marcus transitioned to developer-first security

Dec 12, 2022 By Megan Moore In Snyk

At this year’s AWS re:Invent conference, Snyk’s VP of Product Marketing, Ravi Maira, spoke with Omar Peerzada, Cyber Security Architect at Neiman Marcus, about how his team transitioned from older security practices to a developer-first security strategy. Watch the full talk now, or keep reading for the highlights.

Read Post

Snyk

Read more about AWS re:Invent 2022: How Neiman Marcus transitioned to developer-first security

SBOMs and the Hunt for Software Supply Chain Vulnerabilities

Dec 12, 2022 By Daniel Trivellato, VP Product & Engineering In Forescout

That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their connected assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.

Read Post