One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it.

EPSS is a relatively recent addition to the world of freely available security scoring systems. While it’s not without its flaws and limitations, EPSS can be a powerful predictor of exploits to come and a useful tool in your arsenal, as long as you wield it correctly.

On December 20, 2023, NIST updated a CVE to reflect a new path traversal vulnerability in struts-core. This is CVE-2023-50164, also listed on the Snyk Vulnerability database, with 9.8 critical severity CVSS. If you’ve been doing cybersecurity long enough, you remember the 2017 Equifax breach, which also took place due to an unpatched Struts vulnerability. In this post, I outline the issue, discuss its severity, walk you through a proof-of-concept exploit, and provide remediation advice.

Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.

Googling your organization’s name will bring up all sorts of information. However, there’s more to the internet than the surface web that’s accessed through regular search engines: the deep web and the dark web. To stay ahead of potential threats and maximize incident response performance, security teams need a complete view of their organization’s presence across all areas of the internet.

Coming into 2023, we predicted that the economic downturn would fuel sophisticated fraud, the growth of serverless workloads will increase the attack surface, and there would be more MFA bombing attacks. As we look to 2024, Outpost24’s team of security experts have predicted the emerging threats that will shape the cybersecurity landscape. Dark AI tools, and a shift in security priorities are some of the challenges that organizations will face.

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? CISO Global understands that credit unions’ member-owned and not-for-profit structure allows their banking counterparts to outpace them in allocating resources for cyber defenses. While credit unions are deeply committed to protecting member data, their budgetary constraints might limit their ability to invest in the most advanced cybersecurity technologies and staff.

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The Common Vulnerabilities and Exposures (CVE) database serves as a valuable resource, offering insights into known weaknesses even when fixes are unavailable. This empowers organizations to make informed decisions about prioritizing mitigation strategies and protecting their systems.