Stranger Danger Live Hack! Your Java Attack Surface Just Got Bigger
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability
Outpost24 and Secure Code Warrior integration
Added links in Outpost24 Scale DAST tool to Secure Code Warrior for findings with a CWE. Where an Appsec finding is linked to a CWE we have introduced direct links to Secure Code Warrior eLearning training platform. This gives users the ability to understand what the vulnerability is and more importantly how to address these findings within their development process. Customers do not have to be customers of Secure Code Warrior (SCW) to enjoy the learning modules presented, though customers who are SCW customers may get further insights as well as tracking scores and other metrics.
What are Product Security Incident Response Team (PSIRT) Best Practices?
In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135. Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the small fix until the next release, more than 6 months later.
Kaseya Ransomware Attack: How Did It Affect the MSSPs And What To Do To Prevent The Risk?
Kaseya #Ransomware Attack A #cybercrime organization with Russian origins called #REvil claims to have infected 1 million systems across 17 countries. It is now demanding $ 70 million in bitcoins in exchange for a "universal decryptor" that will return users’ access. Hackers targeted the US IT company #Kaseya, and then used that company’s software to infiltrate the victims’ systems, using a zero-day vulnerability.
Top 5 high severity CVEs detected by Detectify since June 2020
We’re going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings “from the streets” – even actively exploited vulnerabilities for which there aren’t yet any official vendor patches or updates.
Featured Post
Measuring security for cloud native applications
Modern cloud-native applications - and the DevSecOps culture and practices used to manage them - introduce a fresh layer of challenges to the already thorny topic of security measurement. Historically, security has been typically measured on a regular but intermittent basis, at particular points in time. However, the pace of change at modern, cloud-native organisations, who've implemented DevSecOps and/or CI/CD, is relentless. Many deployments might be made in a single day, and the security posture of businesses might thus change dramatically over that time.
Snyk Powers Docker Vulnerability Scanning
Learn about Snyk's Docker integrations and how the companies work together to help developers secure container images quickly and efficiently early in the software application development lifecycle.
PrintNightmare (CVE-2021-34527): what is it and how could it affect your organisation?
But what is PrintNightmare, why are people so worried and what can organisations do to defend themselves? We address these issues and others in this PrintNightmare security advisory, which will be updated as new information becomes available.
Internal vs External Vulnerability Scans: Understanding the Difference
When it comes to establishing a robust mobile application security posture, vulnerability scanning is certainly the go-to option. But given the complex cybersecurity challenges of modern times, it might be complicated and challenging to implement vulnerability scanning properly. According to the 2020 Edgescan Vulnerability Statistics Report, around 35% of the vulnerabilities discovered in external-facing apps were of critical or high risk.
CVE-2021-34527 PrintNightmare
Whilst originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch Tuesday, Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat.