Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.

As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.

Companies are introducing new apps and services to enable remote work, improve supply chains and handle disruptions caused by the pandemic. Our digital-first world thrives on speed and efficiency, and containers play a huge part in getting applications up and running quickly. Though containers offer many advantages over traditional virtualization, they also introduce significant security risks.

This post is applicable to Business plan and Enterprise plan customers. Adopting a new platform can seem intimidating, but with Snyk it doesn’t have to be. We have three tips to help you roll out Snyk, and have a seamless and successful first 30 days across your business or enterprise. Before you start inviting team members and importing projects, you’ll want to consider your account strategy, set up single sign-on (SSO), and configure your first organization.

On Thursday, July 21, 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions.

On Wednesday, July 20, 2022, Cisco disclosed a critical severity vulnerability – CVE-2022-20857 – impacting Cisco Nexus Dashboard, an integrated dashboard used for visibility and provisioning data center and cloud network infrastructure. If successfully exploited, the vulnerability could allow an unauthenticated, remote threat actor to execute arbitrary commands as the root user in any pod on a node.

Snyk’s Senior Product Marketing Manager, Frank Fischer, recently hosted a webinar about the value in using a developer security platform to secure code, dependencies, containers, and infrastructure as code (IaC). During this talk, Fischer discussed the shift in software security that has occurred over the past decade, the need for developers to take part in the security process, and the value of Snyk in securing the entire development lifecycle.

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls In the last phishing blog we discussed how modern phishing works on the frontend. Here we go behind the scenes to dissect how to configure and authenticate a good domain for your phishing campaign using Apache as Reverse Proxy. Excited? You caught the hook, read on!

The world of software development has been rocked by JavaScript. With nearly every modern web app making extensive use of JavaScript on the front end. And with JavaScript’s popularity also on the backend with Node.js, it’s hardly surprising that new vulnerabilities are emerging daily, given the sheer volume of open source project dependencies being used by JavaScript developers. The culprit? It all comes down to the free-ware NPM packages installed within Node.js.