Prolific Cybercrime Marketplace WT1SHOP Shut Down in Law Enforcement Operation
Read also: Albania cuts diplomatic ties with Iran over a cyberattack, a new Apple zero-day is being sold on the dark web, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability
Integrating Snyk Open Source C/C++ security scanning into CI pipelines
Snyk Open Source supports C and C++ scanning for vendored open source dependencies via CLI — and we are happy to share that it is now available via our CI plugins as well. This guide will walk you through integrating C/C++ security scanning within pipelines to get vulnerability information and remediation advice directly to developers. Note that in the scope of this guide, we’ll refer to “C/C++” as just “C++”
Smart home under fuzzing
Smart homes rely on secure devices. Fuzz testing identifies software vulnerabilities in smart devices by fuzzing wireless and IoT protocols.
CVE-2022-36085, OPA and Styra DAS
Testing the relatively new function mocking feature of OPA revealed a vulnerability in the Go API, where the use of the WithUnsafeBuiltins function on the compiler object — a deprecated legacy function used to declare a set of function names as unsafe, and as such rejected in the policy compilation stage — could be bypassed by mocking a function, effectively replacing it with one of the functions deemed unsafe.
How to find and fix XML entity vulnerabilities
XML is a human-readable text format used to transport and store structured data. Tags and data structures are defined by users in self-describing documents that are universally parsable by any XML tool, giving developers a highly configurable mechanism for data representation. To build on XML’s limited base syntax, an author can define the structure and acceptable content of a document’s data using a document type definition (DTD).
Best practices for API gateway security
APIs are a critical component of today’s development landscape because of their importance in microservices. Since modern software is often composed of various microservices, certain functionalities may be beyond the scope of an individual API. With an API gateway, we can aggregate those services to behave as if they were a single API, and return complex responses from disparate microservices through a single call to an API gateway.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
Snyk Security using Language Server Protocol
Snyk provides plugins or extensions for Visual Studio Code, Jetbrains IDEs like IntelliJ, WebStorm, PHPStorm, GoLand, and Visual Studio. But have you ever wanted to integrate Snyk in your daily work when your favorite editor or IDE is Vim, Emacs, Sublime, or Eclipse? This is going to be possible soon, as we’ve published our Eclipse plugin, including the new Snyk Language Server Protocol.
This Week in VulnDB
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
The npm faker package and the unexpected demise of open source libraries
Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.