How to Use the Snyk CLI to Fix Vulnerabilities in Your Application: The Big Fix
Brian Vermeer, Developer Advocate at Snyk, demonstrates how you can use the Snyk CLI to fix vulnerabilities in your application. Join us for The Big Fix, an event that brings developers and security practitioners round the world to find and fix vulnerabilities. Let's make the Internet a safer and better place than before!
Five Critically Important Facts About npm Package Security
In 2021, the WhiteSource Diffend automated malware detection platform detected and reported more than 1,200 malicious npm packages that were responsible for stealing credentials and crypto, as well as for running botnets and collecting host information from machines on which they were installed.
A Proof-of-Concept for API Caching at Egnyte
As Egnyte’s business and customer base grows, we have an engineering responsibility to provide data quickly and at high availability. In this blog I’ll recap one of those efforts—a proof-of-concept API caching project that serves our large folder listing capabilities and has future applications in other Egnyte services.
Arctic Wolf's Canadian Survey Reveals 2022 Cybersecurity Challenges
Late last year, The Canadian Center for Cyber Security published an in-depth threat bulletin declaring it had knowledge of 235 ransomware incidents against Canadian victims from in 2021, with more than half of these victims being critical infrastructure providers. The report also explains that most ransomware events remain unreported to the Center, and—based on past findings—once targeted, ransomware victims are often attacked multiple times.
Identity Access Management (IAM) Automation - Intro to Torq Webinar
Security teams are struggling to keep up with the increasing number of attack surfaces and the demands on remediating those attack surfaces in real-time. Security automation is the key to unlocking your security team’s productive potential, but traditional SOAR platforms (Security Orchestration, Automation, and Response) are complex and can take months of development to implement your first automation response sequence.
3 Ways to take your Third- and Fourth-Party Risk Management to the Next Level with Automatic Vendor Detection
Vendors are a key part of every business and, therefore, every organization’s security. Yet, one of the biggest challenges for security and third-party risk management teams is tracking down their vendors. It’s no wonder that 65% of organizations don’t know which third parties have access to their most sensitive data. On top of that, vendor risk management teams need to worry about who their vendors’ vendors are – namely their fourth parties.
How to meet OMB's Zero Trust Strategy goals for IT, IoT and OT Devices
On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.
From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919
A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.