We’re happy to announce the general availability of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source library dependencies.
With more than 38 percent of our customers impacted by the recently discovered Spring4Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all of their vulnerable libraries, I have been involved in many conversations over this incident.
What is an SSH bastion and how is this different from an SSH jump server or an SSH proxy? In this post, we’ll answer this question and will show you how to set it up using two popular open source projects. Both Teleport and OpenSSH support bastions, and they are extremely similar as they are both single-binary Linux daemons. Both require a simple configuration file usually stored somewhere under /etc/.
The recently discovered flaw in Apache’s popular open source logging library for Java, Log4j, could wreak havoc for years to come. Analysts are predicting it could take as long as five years to finish patching related security flaws because of the widespread adoption of the logging library and the complexity involved in maintaining third-party software libraries.
“Never click unexpected links!” Ever hear someone yell this? Virtually every person in tech has a healthy suspicion of random links, and for good reason. Every now and then there are huge leaks from industry leaders as a result of a targeted campaign. One of the most reliable ways to “phish” someone, or exfiltrate their credentials, is to abuse an open redirect vulnerability in a safe-looking website and redirect the victims to a malicious one.
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.