Austrian Cyber Mercenaries Caught Exploiting Windows, Adobe Zero-Days
Read also: Digital security giant Entrust hit with ransomware, the US doubles a reward for info on North Korean hackers, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
A Day In the life of a CISO
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Exploit of Log4Shell Vulnerability Leads to Compromise of Major South American Vaccine Distributor
On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.
The Developer's Guide to IaC Scanning
IaC (infrastructure as code) is the latest tool to transform the face of IT infrastructure – in a nutshell, it means managing and provisioning infrastructure through code instead of manual processes. IaC provides developers with a blueprint that allows them to create tools and provision infrastructure on-demand while staying in control, increasing efficiency, and maintaining consistency when deploying updates and changes.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Buffer overflow attacks in C++: A hands-on guide
A buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.
[Webinar] Detecting intrusion in DevOps environments with AWS canary tokens
Last year, hardcoded secrets made it 2nd to the OWASP Top 10 Web Application Security Risks. This year, the vulnerability gained a spot and now ranks 15th on the MITRE CWE Top 25 Most Dangerous Software Weaknesses. Needless to say, no organization wants to have its secrets exposed during software development. But what if I told you security teams could use hardcoded secrets to their advantage? Join me on Wednesday, July 27th, for a live discussion with Eric Fourrier, CTO at GitGuardian, on how to detect compromised developer and DevOps environments with canary tokens.
Snyk Unveils Snyk Cloud, the Industry's First Developer-Centric Cloud Security Solution
New Product Secures the Cloud from Code Through Runtime, Facilitating DevSecOps Collaboration.
CrowdStrike Expands CNAPP Capabilities to Secure Containers and Help Developers Rapidly Identify and Remediate Cloud Vulnerabilities
Expansion of agent-based and agentless protection provides support for Amazon ECS allowing DevSecOps teams to build even more securely on AWS environments.
The lifecycle of a software vulnerability
This is the second part of a three-blog series on startup security. Please check out part one too. The anatomy of a software vulnerability is a bit like mercury accumulation in seafood. Trace amounts of naturally occurring mercury in seawater is absorbed by algae and bioaccumulates up the food chain. Large fish at the top of the food chain contain the most mercury and should be consumed in limited quantities.