A Day In The Life of an Energy Company CISO - Mel Migriño
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Spring4Shell: The zero-day RCE in the Spring Framework explained
On March 30, 2022, a critical remote code execution (RCE) vulnerability was found in the Spring Framework. More specifically, it is part of the spring-beans package, a transitive dependency in both spring-webmvc and spring-webflux. This vulnerability is another example of why securing the software supply chain is important to open source.
RDS Clipboard Redirection: Should you allow it?
In this article we will provide basic information regarding the Clipboard Redirection setting, which enables the copy past function in remote desktop. Once you have decided the setting’s desired value, be sure and test it to fully understand what will be its impact on your production. This is critical since you don’t want it to result in damage to production. Configuring RDS Clipboard Redirection settings is a fundamental step in the hardening project.
The Essential List of Terraform Modules and Their Purposes
Rapid and constantly-evolving software development cycles have increased the need for reliable and fast infrastructure changes. Thus manually carrying out infrastructure changes has become an unscalable process – which is what Infrastructure as Code (IaC) tools are here to solve. They enable teams to codify their infrastructure configurations and integrate them directly into their CI/CD pipelines.
Building Your Security Analytics Use Cases
It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.
Keeper Commander - Using SSH Command
Keeper Commander can establish basic SSH connections through the command line interface on any device using the native SSH connection tool. Commander's ssh command provides instant SSH connections for any "SSH" Record Type in the vault. To create an “SSH” type record in your vault, create a new record and select “SSH key” as your record type. Paste your private key to the appropriate field in your record and populate the login and hostname fields.
This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
Using the Snyk Vulnerability Database to find projects for The Big Fix
As developers, we all have our morning startup routine: make coffee, check Slack/Discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk Vulnerability Database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems.
The Cloud Expansion Checklist: How to Get IT Decision-Makers and Developers on the Same Page
Cloud-native and open-source technologies are booming. But for a successful cloud expansion, IT decision-makers and developers need to be in agreement despite their unique roles in the process. As more enterprises transition to cloud-native environments, the big question is how aligned are IT decision-makers and developers?
Is there such a thing as Spring4Shell?
Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.