Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIST (National Institute of Standards and Technology) recently released its revamped cybersecurity framework (CSF), aptly called NIST CSF 2.0. The CSF previously had five functions: Identify, Protect, Detect, Respond, and Recover. With 2.0, there is now a sixth: Govern. While Snyk plays an important role in application security and governance, in this blog, we're going to look at the function Snyk Learn plays in CSF 2.0: Protect.

The Kroll CTI team observed a campaign using a new malware that appears to be very similar to BABYSHARK, previously reported to have been developed and used by the APT group Kimsuky (KTA082). The malware was deployed as part of an attempted compromise that was detected and stopped by the Kroll Responder team. The activity started with exploitation of a recently addressed authentication bypass in the remote desktop software ScreenConnect, developed by ConnectWise.

Not that long ago, AI was generally seen as a futuristic idea that seemed like something out of a sci-fi film. Movies like Her and Ex Machina even warned us that AI could be a Pandora's box that, once opened, could have unexpected outcomes. How things have changed since then, thanks in large part to ChatGPT’s accessibility and adoption!

During a recent customer assessment, our pen testers discovered a critical vulnerability that exemplifies the importance of manual and continuous pen testing. The issue involved a feature intended for administrators, allowing them to send messages to a “broadcast” endpoint, which would then be displayed in a modal pop-up box for all logged-in users of the web application. However, our pen testers found that this functionality was accessible to any user, regardless of their role.

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors. Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing critical vulnerabilities.

A critical security flaw, known as CVE-2024-1071, has been found in the Ultimate Member plugin for WordPress. This vulnerability, with a CVSS score of 9.8, poses a significant risk to over 200,000 active installations. It potentially enables attackers to extract sensitive data from compromised databases, presenting a severe threat to website security.

If you’re an administrator running Ivanti VPN (Connect Secure and Policy Secure) appliances in your network, then the past two months have likely made you wish you weren’t. In a relatively short timeframe bad news kept piling up for Ivanti Connect Secure VPN customers, starting on Jan. 10th, 2024, when critical and high severity vulnerabilities, CVE-2024-21887 and CVE-2023-46805 respectively, were disclosed by Ivanti impacting all supported versions of the product.

On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

Cloudflare has been part of a multivendor, industry-wide effort to mitigate two critical DNSSEC vulnerabilities. These vulnerabilities exposed significant risks to critical infrastructures that provide DNS resolution services. Cloudflare provides DNS resolution for anyone to use for free with our public resolver 1.1.1.1 service. Mitigations for Cloudflare’s public resolver 1.1.1.1 service were applied before these vulnerabilities were disclosed publicly.