In today's world of fast-paced software development, security is not an option — it’s a necessity. Security has become an integral part of the development process rather than a separate concern addressed by a different team once development is complete. Integrating Snyk security into your development workflows is a crucial step toward achieving comprehensive software security.
Everyone is talking about generative artificial intelligence (GenAI) and a massive wave of developers already incorporate this life-changing technology in their work. However, GenAI coding assistants should only ever be used in tandem with AI security tools. Let's take a look at why this is and what we're seeing in the data. Thanks to AI assistance, developers are building faster than ever.
On October 18, security researcher Zemnmez began the process of responsibly disclosing a "Use of Weak Hash" vulnerability that they found in crypto-js, an open source JavaScript library of crypto standards, for which maintenance has been discontinued. The vulnerability also impacts the crypto-es package (for ES6 and TypeScript), and the researcher has opened a similar issue requesting that the maintainers enable private disclosures.
The new rules from the U.S. Securities and Exchange Commission (SEC) on reporting mark a significant shift in the requirements for disclosing cyber breaches, leaving many businesses wondering how their cybersecurity practices will be impacted in the long run. These new rules create significant new disclosure obligations for public companies, requiring timely and detailed disclosures of material cybersecurity incidents and periodic disclosures about cybersecurity risk management and governance.
At Fireblocks, a strong commitment to regulatory compliance has always been at the core of our operations. That’s why we’re excited to announce that we’re building out our On-Chain Digital Identity and Programmable Compliance Team, with the strategic appointments of Peter Marton, Director of Digital Identity, and cryptography expert Chaitanya Reddy Konda, Senior Technical Product Manager, Digital Identity and Privacy.
In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets users of outdated versions of Microsoft Office, since it does not attempt to bypass the mark of the web security check.
