%term

Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management

Apr 30, 2024 By Pronoy Chaudhuri In Datadog

Security teams require complete visibility into their hosts, containers, and functions in order to detect, prioritize, and remediate their most pressing security risks. The Datadog Agent helps you achieve this visibility by collecting deep insights in your environment through logs, distributed traces, infrastructure metrics, and other key telemetry.

Read Post

Datadog

Read more about Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management

How Mulesoft fosters a developer-first, shift-left culture with Snyk

Apr 30, 2024 By Gerald Crescione In Snyk

While shifting security left has been a hot topic for around a decade, many organizations still face issues trying to make it a reality. There are many misconceptions about what shift left means and what it looks like for development teams to take ownership of security without derailing their existing workflows.

Read Post

Snyk

Read more about How Mulesoft fosters a developer-first, shift-left culture with Snyk

Snyk CLI: Introducing Semantic Versioning and release channels

Apr 30, 2024 By Chintan B. In Snyk

We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.

Read Post

Snyk

Read more about Snyk CLI: Introducing Semantic Versioning and release channels

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"

Apr 29, 2024 By Andres Ramos In Arctic Wolf

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

Read Post

Arctic Wolf

Read more about CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"

How to Use GitHub Actions Environment Variables and Secrets

Apr 29, 2024 By Snyk In Snyk

Today we show you how to use GitHub Actions Environment Variables and Secrets!

View Video

Snyk

Read more about How to Use GitHub Actions Environment Variables and Secrets

When and How to Use Trivy to Scan Containers for Vulnerabilities

Apr 29, 2024 By Liron Biam In Jit

Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.

Read Post

Jit

Read more about When and How to Use Trivy to Scan Containers for Vulnerabilities

Enhancing Cybersecurity with BlueVoyant's AI Technology for Emerging Vulnerabilities

Apr 29, 2024 By George Aquila In BlueVoyant

After a new zero-day vulnerability is announced, the National Vulnerability Database (NVD) publishes a measure of its severity under the Common Vulnerability Scoring System (CVSS). CVSS scores are a crucial tool for organizations as they give an approximation of the severity of disclosed vulnerabilities.

Read Post

BlueVoyant

Read more about Enhancing Cybersecurity with BlueVoyant's AI Technology for Emerging Vulnerabilities

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

Apr 28, 2024 By Andres Ramos In Arctic Wolf

On April 12, 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information.

Read Post

Arctic Wolf

Read more about Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

How to Analyze a Vulnerability from Snyk's Vulnerability Database - Snyk VulnDB

Apr 28, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about How to Analyze a Vulnerability from Snyk's Vulnerability Database - Snyk VulnDB

How threat intelligence can improve vulnerability management outcomes

Apr 27, 2024 By Chris Jacob, Global Vice President, Threat Intelligence Engineers In ThreatQuotient

It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.

Read Post