Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to Use the Snyk CLI to Fix Vulnerabilities in Your Application: The Big Fix

Feb 8, 2022 By Snyk In Snyk
Brian Vermeer, Developer Advocate at Snyk, demonstrates how you can use the Snyk CLI to fix vulnerabilities in your application. Join us for The Big Fix, an event that brings developers and security practitioners round the world to find and fix vulnerabilities. Let's make the Internet a safer and better place than before!
View Video
Trustwave

From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919

Feb 8, 2022 By Trustwave In Trustwave

A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.

Read Post
jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video
Feroot

How to Protect the Software Supply Chain from Vulnerable Third-Party Code

Feb 8, 2022 By Ivan Tsarynny In Feroot

What happens when the software, scripts and code snippets that your business uses on your website and network have been compromised at the source? The compromise could be unintentional—perhaps the coders simply made a mistake. Or the compromise could be intentional—maybe hackers wrote a malicious script and promoted it as legitimate on a third-party library source to encourage users to download and install.

Read Post

Triaging vulnerabilities - the way it ought to be

Feb 7, 2022 By Snyk In Snyk
We all know that shifting security left is the right approach for securing our apps. We also know that it isn’t enough - developers also need to be empowered to own security. They require tools that integrate into the way they are already working and they need guidance and assistance from the security team. This is especially true for the most challenging vulnerabilities of all: those that are not so easy to fix, but too important to ignore.
View Video
armo

CVE 2022-24348 - Argo CD High Severity Vulnerability and its impact on Kubernetes

Feb 6, 2022 By Amir Kaushansky In ARMO

Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

Read Post

What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

Feb 6, 2022 By Cyphere In Cyphere
Penetration testing is a way to test the security of your network by simulating an attack on it. This video explains what penetration testing is, why you should use it, and how to find out if your company needs one.#penetrationtesting #pentesting #pentests Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.
View Video
CrowdStrike

How to Protect Cloud Workloads from Zero-day Vulnerabilities

Feb 4, 2022 By John Walker In CrowdStrike

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Read Post
Snyk

Log4Shell remediation with Snyk by the numbers

Feb 4, 2022 By Jason Lane In Snyk

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.