Snyk Security Intelligence Overview
Learn about Snyk's three key sources of security intelligence: Snyk Vulnerability Database, the Snyk Code knowledge base, and the Snyk IaC unified policy engine.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Snyk Security Intelligence: Snyk Vulnerability Database
Learn how Snyk researchers, machine learning, and the greater security community working together in perfect security harmony to maintain Snyk Vulnerability Database — the industry leading resource for open source and container vulnerabilities.
Snyk Security Intelligence: Snyk Code Knowledge Base
Learn how Snyk security researchers build our cutting-edge Snyk Code knowledge base using a combination of AI, machine learning, and security expertise.
DevSecOps Lifecycle Coverage with Snyk and Dynatrace: Next Level Integrated Solution
In this Snyk Partner Speak video, we introduce the DevSecOps Lifecycle Coverage integration with Dynatrace. Learn how this integration takes our strategic alliance to the next level!
Russian Investigator Detained After Taking 1,000 Bitcoin Bribe From Hackers
Read also: Multiple firms impacted in the widespread MOVEit hacking spree, a hack drains at least $35M in crypto from Atomic Wallet users, and more.
MOVEit File Transfer Zero-day Compromises Multiple Organizations
An attack exploiting CVE-2023-34362, a zero-day vulnerability in the MOVEit file transfer software, was disclosed at the start of June, with additional victims still being uncovered. The vulnerability is an SQL injection vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The attack was carried out by at least one threat who gained unauthorized access to the software and stole sensitive data from affected organizations.
Snyk Partner Speaks series: True DevSecOps with Snyk and Dynatrace
The latest video in our Snyk Partner Speak Series showcases how Snyk and Dynatrace bring complementary capabilities to different parts of the DevSecOps lifecycle. Check it out and learn how the integration enables organizations to observe, investigate, fix, and govern with a single solution. The Snyk DevSecOps Lifecycle Coverage App is the newest milestone in the Snyk and Dynatrace strategic alliance.
SafeBreach Coverage for US-CERT Alert (AA23-158A) - CVE-2023-3462 MOVEit Vulnerability
On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021
NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).
Responding to the Critical MOVEit Transfer Vulnerability (CVE-2023-34362)
On May 31, 2023, Kroll received multiple reports that a zero-day vulnerability in MOVEit Transfer was being actively exploited to gain access to MOVEit servers. Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. This vulnerability may also enable a threat actor to move laterally to other areas of the network.