What is a Vulnerability? - A Log4Shell story
Software flaws are inevitable, and as Log4Shell recently reminded us, their impact can be massive. Using Log4Shell as a prime example we explain.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
SnykLive | Stranger Danger: Your JavaScript Attack Surface Just Got Bigger | Oct 5, 2022
Your JavaScript Attack Surface Just Got Bigger- here's what you need to know: Building JavaScript applications today means developers must take a step further from writing code. This live stream demonstrates a live JavaScript and cloud-native hacking session to show common threats, vulnerabilities, and misconfigurations. Further, we show how you can protect your application with actionable remediation and best practices for each exploit shown.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
How to use Java DTOs to stay secure
Data Transfer Objects (DTOs) in Java are objects that transport data between subsystems. It is an enterprise design pattern to aggregate data. The main purpose is to reduce the number of system calls needed between the subsystems, reducing the amount of overhead created. In this article, I will explain how DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.
DirtyCred: Opening Pandora's Box to Current and Future Container Escapes
DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.
Security lessons with a Snyk Ambassador
Security has been a concern in the tech industry for years now. However, not a lot of companies follow their own protocols or guides when it comes to securing code. It’s easy to believe that security incidents are uncommon (or unlikely to happen in your own organization), but the latest issue with Uber is one of many examples to the contrary.
CVE-2022-40684: Critical Remote Authentication Bypass Vulnerability in FortiOS & FortiProxy
Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.
Microsoft Updates Mitigations For Unpatched Microsoft Exchange Zero-Days
Read also: Comm100 chat provider hacked in a supply chain attack, a teen used leaked Optus data in a data extortion scam, and more.
Cloud security fundamentals part 1: Know your environment
140,000 Social Security numbers and about 80,000 bank account numbers — that’s what one attacker stole from a major financial institution back in 2019. How did it happen? The attacker used firewall credentials to obtain privilege escalation and hack into improperly secured Amazon cloud instances.
2022 Collaboration Partner of the Year: Snyk
This week, at HashiConf 2022, Snyk was recognized by HashiCorp as the winner of the 2022 Collaboration Technology Partner of the Year award. Carey Stanton, Snyk’s Senior Vice President of Business Development, was in Los Angeles and accepted the award on stage at HashiConf. Snyk is honored to be named HashiCorp’s 2022 Technology Partner of the Year for Collaboration.