Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

3 Best Practices to Save Yourself Zero-Day Exploits

Sep 26, 2022 By SecurityScorecard In SecurityScorecard
52% of attacks in 2021 began with a zero-day exploit. Here are 4 things you can do to make sure your organization is safe: Understand your attack surfaces from the outside. You need to understand how your external attack surface looks because that's how attackers break in. Have a patching program on hand. When a patch comes out from a software vendor, apply it as soon as possible. Then, rescan your entire attack surface to confirm that it’s applied properly. Build your network with resilience in mind.
View Video
Arctic Wolf

CVE-2022-3236 - Remote Code Execution Vulnerability in Sophos Firewall

Sep 26, 2022 By Sule Tatar In Arctic Wolf
On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.
Read Post
indusface

5 Tips to Stay Ahead of OpenSSL Vulnerabilities

Sep 22, 2022 By Indusface In Indusface

Newer OpenSSL vulnerabilities are identified regularly by genuine security researchers or come to light as zero-day vulnerabilities when exploited by threat actors. While patching the bugs and OpenSSL vulnerabilities are important, organizations cannot wait for and rely just on patches to protect their websites. They need to be proactive in identifying and securing these vulnerabilities before attackers can find and exploit them.

Read Post
Snyk

Explaining the csurf vulnerability: CSRF attacks on all versions

Sep 21, 2022 By Brian Clark In Snyk

On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.

Read Post
Snyk

Looking back at Black Hat USA 2022

Sep 21, 2022 By Vandana Verma In Snyk

For the past few days, I’ve been getting a lot of messages asking about my experience at this year’s Black Hat USA. So in this post, I’ll be recapping the conference to give you an inside look at what was presented and provide some helpful perspective. Black Hat is one of the largest — and most talked about — cybersecurity conferences. Its inception dates back to 1997.

Read Post

Stranger Danger: Your Java Attack Surface Just Got Bigger

Sep 21, 2022 By Snyk In Snyk
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
View Video

Meet the Best Hackers: Shuchita Mishra and Parth Shukla | SnykWeek Boston

Sep 21, 2022 By Snyk In Snyk
During SnykWeek Boston, Shuchita Mishra and Parth Shukla were crowned the best hackers by fixing the most vulnerabilities during our fix challenge. Check out our interview with them to learn about the passion for developer security and what they loved most about Snyk.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.