ESG's John Oltsik on Improving the Effectiveness of Attack Surface Management Programs
Senior principal analyst and ESG fellow John Oltsik discusses Improving the Effectiveness of Attack Surface Management Programs.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
IONIX Threat Exposure Radar
In a world where organizations cannot fix everything, security and IT teams need a practical way to identify and act on critical exposures. IONIX Threat Exposure Radar exposes critical risks so you can effectively reduce risk and improve your security posture.
File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques
In our modern world, we constantly share private, confidential, and sensitive information over digital channels. A fundamental component of this communication is file encryption — transforming data into an unreadable format using encryption algorithms.
Citrix Bleed Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-325A)
On November 21st, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released an advisory highlighting the ongoing exploit of the Citrix Bleed Vulnerability (CVE-2023-4966) by Lockbit 3.0 affiliates.
Secure Your Pipeline with Snyk and GitHub Actions #cloudsecurity #cybersecurity #appsec
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)
On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.
Security Terms: What is a WAF? #cybersecurity #applicationsecurity #cloudsecurity
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Decoding CVSS 4.0: Clarified Base Metrics
Since 2005, the Common Vulnerability Scoring System (CVSS) has been used to assess and communicate the severity of vulnerabilities in software. If you’re involved in cybersecurity, even if you’re not directly involved in managing vulnerabilities, you’ve probably come across CVSS designations like ‘critical’ or ‘high’ when referring to vulnerabilities in the industry.
Unveiling LummaC2 stealer's novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.
Snyk Apps now GA: An easy, standardized, and secure framework for building custom integrations
Snyk is excited to announce general availability of Snyk Apps, a framework for building and distributing custom security solutions to better inform security decisions and boost developer productivity. As Snyk Apps reaches this milestone, Snyk’s Technology Alliance Partnership Program (TAPP) has more than 70 members today.