Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

SecurityScorecard’s CISO Mike Wilkes and Threat Researcher Ryan Slaney discuss their latest insights on the Lapsus$ threat group, the recent Okta breach, and what CISOs should do to protect their organizations. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Keeper Commander can establish basic SSH connections through the command line interface on any device using the native SSH connection tool. Commander's ssh command provides instant SSH connections for any "SSH" Record Type in the vault. To create an “SSH” type record in your vault, create a new record and select “SSH key” as your record type. Paste your private key to the appropriate field in your record and populate the login and hostname fields.

Here are 2 things that helped us successfully scale SecurityScorecard: Having a customer-first mentality: You need to understand your customers deeply. You need to adopt Amazon’s empty-chair approach where the most important voice is the customers’ voice, not the CEOs’. Beginning with the right foundation: Here’s what most companies get wrong: When they start up and have 10-20 people, they focus on their customers.

Cyphere has a build and configuration review service that helps you to identify issues with your OS, device builds and configurations. In this video, we take a look at what Cyphere offers and discuss whether or not it's the right choice for you.#buildreview #buildconfiguration Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Active Directory (AD) is legacy technology that was not designed for modern attacks – yet it is still relied on by over 90% of the Fortune 1000 companies. This video highlights how modern attacks like ransomware exploit this “weakest link in your cyber defense”, and why this is a problem you cannot afford to ignore.