In a recent post by ZDI, researchers found an out-of-bounds access flaw (CVE-2021-31440) in the Linux kernel’s (5.11.15) implementation of the eBPF code verifier: an incorrect register bounds calculation occurs while checking unsigned 32-bit instructions in an eBPF program. The flaw can be leveraged to escalate privileges and execute arbitrary code in the context of the kernel.

SecurityScorecard also found that 1 in 5 of the world’s food processing, production, and distribution companies rated have a known vulnerability in their exposed Internet assets

CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial of service vulnerabilities in three popular open source message broker applications.

This quick blog is the first in a two-part series discussing a userland Windows exploit initially disclosed by James Forshaw and Alex Ionescu. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver.

As per UK DCMS’s data breaches survey, about 32% of businesses in the UK have faced a form of cybersecurity threat between 2018 and 2019. As a result of these network security vulnerabilities, these businesses incurred costs on lost data and many other damages that totalled £4,180.

In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code.

We sat down with our customer - Deputy Group CISO at ITV, Jaspal Jandu who offers a practical view of today’s cybersecurity challenges including digital transformation, vulnerability management, risk prioritization and building a security culture from within.