In today's digital and interconnected era, the healthcare sector operates in a landscape of security risks. In 2023 alone, the number of vulnerabilities uncovered in medical devices jumped by 59% to 993 issues. Consequently, the U.S. Food and Drug Administration (FDA), the European Commission, and other governmental agencies have issued cybersecurity guidelines for medical devices. Many of these guidelines advocate for fuzz testing as a means of vulnerability detection.

This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.

Using our own proprietary External Attack Surface Management (EASM) solution, Outpost24’s Sweepatic, we have conducted an attack surface analysis on the Paris 2024 Olympic Games online infrastructure. The Paris 2024 cybersecurity team have done plenty right, but we’ve also highlighted some real-life attack surface risks that have slipped through the gaps (and do so for many organizations) including open ports, SSL misconfigurations, cookie consent violations, and domain squatting.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

Snyk AppRisk Pro ships with a range of innovative, ecosystem-driven capabilities alongside new analytics tools, providing comprehensive application risk management with Snyk.

As application architectures shift to the cloud and the velocity of software delivery accelerates, organizations are seeking more powerful capabilities to identify security vulnerabilities within their production applications. Traditional static application security testing (SAST) tools, by themselves, are insufficient.