How YellowAI Uses AWS & Snyk: Securing Cloud & Apps Using a Developer-First Approach

Citu Singh of CNBC-TV18 asks technology business leaders to share their philosophy on developing applications quickly and safely. Apoorva Gaurav, VP of Engineering from YellowAI, talks about how his team uses Snyk, while Shaun McLagan, VP of Snyk APJ, shares the benefits of a developer-first approach to security.

Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

Evolving the Snyk CLI through an extensible approach

Every day, thousands of developers use the Snyk CLI as part of their development workflow, to identify and resolve security issues in their code as early as possible. What if these developers and other security professionals could harness the power of this dev-first approach and also utilize entirely new security analyses, filters, and workflows via an extensible approach?

Active ESXiArgs Ransomware Campaign Targeting ESXi Servers Worldwide

Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially over the weekend, with approximately 3,000 victims worldwide as of early Monday morning. Based on reporting from OVH, the threat actors behind this campaign are likely leveraging a nearly two-year-old heap overflow vulnerability (CVE-2021-21974) in VMware ESXi's OpenSLP service.

Dev-First Prevention Strategies

Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers. This dynamic is often based on prior experience with legacy security systems that focus almost solely on the needs of security and fail to support developers in this process.

4 Categories of Container Security Vulnerabilities (& Best Practices to Reduce Risk)

Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. The ability to easily package and deploy code has changed the way that organizations work with applications. But like with Windows servers years ago, or AWS today, any time one specific technology gains a significant portion of the market share, it becomes a target for attackers.

Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users. CrushFTP is a secure high-speed file transfer server that runs on almost any OS. It handles a wide array of protocols and security options. CrushFTP stores details of registered users within the filesystem in the users/MainUsers directory.

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

4 application security bad habits to ditch in 2023 (and best practices to adopt instead)

Regardless of how last year went, a few things probably come to mind that you’d like to leave in 2022. Maybe it’s a bad habit you’d like to drop or a mindset you’d like to change. But speaking of ditching bad habits, some poor cloud application security practices shouldn’t carry over to 2023 either!

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.