Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Did you know that malware attacks on software have increased by 11% to reach 2.8 billion in 2022? This is a staggering rise in security attacks and a huge point of concern for the industry. For many companies, the security of their software systems becomes a priority only after they experience a breach. But it doesn’t have to be that way. If you want to keep your systems secure and provide users with a safe environment, you need to be conscious of security flaws.

On Sept. 29th 2022, cybersecurity organization GTSC publicized a report outlining attacks they have seen in the wild targeting as-yet unpatched vulnerabilities in Microsoft Exchange. When successfully exploited this combination of vulnerabilities results in an authenticated Remote Code Execution (RCE) attack. Until a patch has been issued, Microsoft has posted a security bulletin detailing a workaround.

The market-leading CrowdStrike Falcon® platform, applying a combination of advanced machine learning (ML), artificial intelligence (AI) and deep analytics across the trillions of security events captured in the CrowdStrike Security Cloud, has identified a new supply chain attack pattern during the installation of a chat based customer engagement platform.

In the days of on-prem data centers and early cloud adoption, the roles of application developers, infrastructure operations, and security were largely siloed. In the cloud, this division of labor increases the time-to-market for innovation, reduces productivity, and invites unnecessary risk.

Vitrea View is a tool that uses the DICOM standard to view medical images. If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View..

Choosing a Node.js Docker image may seem like a small thing, but image sizes and potential vulnerabilities can have dramatic effects on your CI/CD pipeline and security posture. So, how do you choose the best Node.js Docker image? It can be easy to miss the potential risks of using FROM node:latest, or just FROM node(which is an alias for the former). This is even more true if you’re unaware of the overall security risks and sheer file size they introduce to a CI/CD pipeline.

On September 14, the White House released Executive Order M-21-30, emphasizing and reminding us that there are NIST guidelines for securing any software being sold to the US Government. According to the Executive Order (EO), self-attestation is a requirement for software vendors or agencies and acts as a “conformance statement” outlined by the NIST Guidance.

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.