%term

ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker's Playbook Threat Coverage Round-up: February 2024

Feb 29, 2024 By Kaustubh Jagtap In SafeBreach

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Read Post

SafeBreach

Read more about ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker's Playbook Threat Coverage Round-up: February 2024

Snyk documentation: Our journey so far

Feb 29, 2024 By David Bailey In Snyk

As the manager of Snyk user documentation for the past three years, I’ve overseen many improvements in our user docs.

Read Post

Snyk

Read more about Snyk documentation: Our journey so far

Visualizing Vulnerability Management: What Does a Single Pane of Glass Really Look Like?

Feb 29, 2024 By Nucleus In Nucleus

Single Pane of Glass (SPOG) is a common buzzword that sends shivers down the spines of technical folks everywhere. Yet, executive teams ask for it, especially in vulnerability management. At the same time, the complex and fragmented nature of modern IT environments wreaks havoc on organizations aiming to understand their current location related to remediating and patching risks. So, what exactly is a single pane of glass, and what does it look like for enterprises today?

View Video

Nucleus

Read more about Visualizing Vulnerability Management: What Does a Single Pane of Glass Really Look Like?

5 Node.js security code snippets every backend developer should know

Feb 28, 2024 By Liran Tal In Snyk

As backend developers, we are tasked with the crucial role of ensuring the security of our applications. Node.js is not exempt from this responsibility and its growing popularity makes it a lucrative target for hackers, making it imperative to follow best security practices when working with Node.js. In this blog post, we will be exploring some essential Node.js security code snippets every backend developer should know in 2024.

Read Post

Snyk

Read more about 5 Node.js security code snippets every backend developer should know

AppSec Vulnerability Management: Uniting AppSec and CloudSec

Feb 28, 2024 By Kevin Swan In Seemplicity

Businesses have come a long way in their individual journeys to digital transformation, all to enhance their customer and workforce experiences. This shift elevated the importance of both Application Security (AppSec) and Cloud Security (CloudSec) in safeguarding digital assets and ensuring infrastructure resilience.

Read Post

Seemplicity

Read more about AppSec Vulnerability Management: Uniting AppSec and CloudSec

Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

Feb 27, 2024 By David Cohen In JFrog

In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.

Read Post

JFrog

Read more about Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

How REI built a DevSecOps culture and how Snyk helped

Feb 27, 2024 By Brian Piper In Snyk

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Read Post

Snyk

Read more about How REI built a DevSecOps culture and how Snyk helped

Veracode Scan for VS Code: Now with Veracode Fix

Feb 27, 2024 By Robert Haynes In Veracode

Veracode is pleased to announce the availability of Veracode Fix capability in Veracode Scan for VS Code. Now developers can discover and remediate security flaws using Veracode’s Generative AI-powered tools directly from their Integrated Development Environment (IDE). According to the Veracode State of Software Security, 45.9% of organizations have critical security debt.

Read Post

Veracode

Read more about Veracode Scan for VS Code: Now with Veracode Fix

ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

Feb 26, 2024 By Deepak Kumar Choudhary In Indusface

ConnectWise ScreenConnect, a widely used remote desktop product, has recently been found vulnerable to two critical security flaws, assigned CVE numbers CVE-2024-1709 and CVE-2024-1708. These vulnerabilities, if exploited, can lead to remote code execution, potentially compromising sensitive data and critical systems. What’s more alarming is that reports are indicating active exploitation of these vulnerabilities in the wild.

Read Post

Indusface

Read more about ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

Practical Steps to Prevent SQL Injection Vulnerabilities

Feb 26, 2024 By Jenny Buckingham In Veracode

In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs.

Read Post