Smartfix
Are you using struggling to fix vulnerabilities in transitive dependencies? WhiteSource can integrate with your repository and provide automatic pull requests with fix recommendations for transitive dependencies.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Cybersecurity Tips for Healthcare Organizations
“Why do ransomware attackers target healthcare companies so often?” Here are 2 reasons why: Goldmine of personal information: If you look on the dark web, the price of a stolen credit card would be $5 for a validated card. But the price of personal information (passport, social security number, etc.) could range from $400 to $6,500 per person because you can create a fake identity and use it to create accounts in various places.
This Week in VulnDB - PHP Use after free vulnerability deep dive and more
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
NginxDay: Vulnerabilities in NGINX's LDAP Reference Implementation
On Monday, April 11, 2022, NGINX published a security blog post detailing three vulnerabilities in the NGINX LDAP reference implementation. NGINX is web server software that also performs reverse proxy, load balancing, email proxy, and HTTP cache services. No CVE has been assigned to these vulnerabilities at this time. The reference implementation uses Lightweight Directory Access Protocol (LDAP) to authenticate users of NGINX proxied applications.
Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution
Over the past week, the WhiteSource security team has found several instances of packages that use unusual techniques to disguise malicious intent. These techniques differ from what we have usually seen in the past, such as base64 and JS obfuscation. This time, we are seeing a malicious actor use hex encoding to hide the malicious behavior of the package.
XDR: A New Vision for InfoSec's Ongoing Problems
Let’s face it. The information security industry loves a new acronym. For industry long-timers, a new acronym might be just the latest reason for an eye roll. For folks new to the field, it can be very confusing. A constructive way to look at XDR — extended detection and response — is as an opportunity to take a fresh look at some old problems and gain clarity.
Amazon EC2 Just-in-time Access With Teleport and Slack
This blog is part three in a series about identity-based access and management of AWS resources. In Part I, we covered how to use OSS Teleport to access Amazon EC2 instances running in private subnets. Part II explained implementing identity-based access via SSO integration with Okta. In Part III, we will guide you through the steps to configure privilege escalation for just-in-time access requests.
How to Foster a Productive SOC Culture
According to the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — having an understaffed SOC or constant turnover of security talent can cripple an organization’s security posture. Let’s look at some of the root causes that can lead to these two interconnected problems.
Challenges and solutions for securing distributed, remote and hybrid workforces
The world has changed. The COVID-19 pandemic has dramatically increased the number of teams that are working with a remote and distributed model. This change is a welcome acceleration of what many feel would have been the eventual outcome of our digital future. With this new model comes a new and changing set of security challenges.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.