%term

Implementing TLS in Java

Nov 9, 2022 By Brian Vermeer In Snyk

TLS, or transport layer security, is a protocol used across the globe to encrypt and secure communication over the internet. In this article, we’ll discuss what TLS is, what benefits it provides, and why you need it. Then we’ll walk through implementing TLS in Java.

Read Post

Snyk

Read more about Implementing TLS in Java

How to Modernize Access Control for Cloud Applications with Or Weis

Nov 9, 2022 By Snyk In Snyk

Building Modern Access Control for Cloud Applications Join us in this livestream with Permit.io CEO Or Weis as we cover what it means to build modern access controls for cloud applications. Many companies these days find themselves having to reimplement access-controls over and over; therefore, in this episode we discuss solutions, the 5 best practices and open-source tools that can be used. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about How to Modernize Access Control for Cloud Applications with Or Weis

Introduction to Snyk's revamped reporting

Nov 9, 2022 By Snyk In Snyk

A short overview of Snyk's new and revamped reporting capabilities, providing the visibility needed to hold data-based conversations between development and security. Key new capabilities include the addition of Snyk Code data, improved user experience and performance, new filtering and data sorting, and new sharing options. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Introduction to Snyk's revamped reporting

CVE-2022-27510: Citrix Gateway and Citrix ADC Critical Authentication Bypass Vulnerability, along with CVE-2022-27513 & CVE-2022-27516

Nov 9, 2022 By Adrian Korn In Arctic Wolf

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

Read Post

Arctic Wolf

Read more about CVE-2022-27510: Citrix Gateway and Citrix ADC Critical Authentication Bypass Vulnerability, along with CVE-2022-27513 & CVE-2022-27516

Six Actively Exploited Vulnerabilities Patched in Microsoft's November Security Update

Nov 9, 2022 By Steven Campbell In Arctic Wolf

On November 8, 2022, Microsoft published their November 2022 Security Update and patched six actively exploited vulnerabilities. The vulnerabilities impact Windows and Exchange Server.

Read Post

Arctic Wolf

Read more about Six Actively Exploited Vulnerabilities Patched in Microsoft's November Security Update

Denial Of Service vulnerabilities

Nov 9, 2022 By John Gates In CalCom

A denial of service attack is a type of network attack in which an attacker makes the system, machine, or network unavailable to the intended users. There are various types of DOS attacks, like, for instance, a user is trying to reach a webpage but the page redirects the user to another URL or even the user can’t reach its destination i.e. access is blocked. In this article we will discuss.

Read Post

CalCom

Read more about Denial Of Service vulnerabilities

SnykLaunch Fall 2022 Helps Companies Successfully Drive DevSecOps

Nov 8, 2022 By Snyk In Snyk

Snyk's Developer Security Platform Now Secures the Cloud from Code Through Runtime, Enhanced With New Supply Chain Security Capabilities.

Read Post

Snyk

Read more about SnykLaunch Fall 2022 Helps Companies Successfully Drive DevSecOps

SnykLaunch recap: Snyk Cloud, SBOM & reporting capabilities, and customer solutions resources

Nov 8, 2022 By Ravi Maira In Snyk

At SnykLaunch on November 8th, our product leaders unveiled the latest additions to Snyk’s suite of developer-first products. We also gave viewers a sneak peek of these new features in action with live demos. We’re especially excited to announce Snyk Cloud, our cloud security tool that takes a contextual approach to finding and fixing cloud vulnerabilities.

Read Post

Snyk

Read more about SnykLaunch recap: Snyk Cloud, SBOM & reporting capabilities, and customer solutions resources

JFrog's security scanners discovered thousands of publicly exposed API tokens - and they're active! The Full Report

Nov 8, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog

Note: This report was previously published in InfoWorld When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs in our code.

Read Post

JFrog

Read more about JFrog's security scanners discovered thousands of publicly exposed API tokens - and they're active! The Full Report

Supply chain integrity, transparency and trust is now firmly on the agenda

Nov 8, 2022 By Liz Harris In DataTrails

Supply chain risk continues to make headlines, from Solarwinds and Kaseya to last week’s announcement of a patch for the OpenSSL vulnerability, and the latest cybersecurity review from the U.K.’s National Cyber Security Centre highlights the serious threats posed by supply chain attacks.

Read Post