
Rezilion

Security Teams Need to Address One of the Biggest Software Supply Chain Risks: Open Source

One of the biggest threats to software supply chain security is open source software applications and components. Many enterprises and small businesses have come to rely on open source solutions, and they are an important part of IT strategies today. But vulnerabilities in open source software present a risk because they can provide cyber criminals with a way to carry out attacks.

Why Developers Need a Security Mindset (And How to Help Them With It)

It’s never been a more important time for developers to have a security mindset. Software developers are increasingly relying on open source components in their products. While this makes their jobs somewhat easier, open source is prone to vulnerabilities. It’s no secret that developers often find it challenging to prioritize cybersecurity, using the rationale that it should fall under the purview of security teams.

Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk

MOVEit CVE-2023-34362 is a Critical SQL Injection vulnerability rated 9.8. It affects all versions of Progress Software’s managed file transfer (MFT) solution, MOVEit Transfer. This vulnerability has the potential to grant unauthorized access. For in-depth information about the vulnerability, including mitigation measures, incident response, and the attack surface, refer to our previous blog post published on June 6th.

Organizations Need to Establish Trust to Enhance Supply Chain Security

Enhancing the trust and security of the supply chain is on the minds of many a cybersecurity executive today, and will likely be a topic of interest and concern in the months and years to come. It’s not surprising then, that the focal point of a recent RSA Conference virtual seminar was supply chain security. A panel held during the event covered the topic of establishing trust to enhance supply chain security, which is surely one of the more daunting challenges organizations face.

What You Need to Know About StackRot - CVE-2023-3269

StackRot, identified as CVE-2023-3269, is a 7.8 HIGH use-after-free vulnerability in Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, which was disclosed by Ruihan Li, who also released detailed information about it, is caused by a change in the VMA (Virtual Memory Address) tree structure from red-black trees to maple trees.

AppSec and Software Supply Chain Security: How Do They Go Together?

AppSec and Software Supply Chain Security are two terms used more and more frequently in DevOps and when developing a security strategy. Software supply chain attacks are on the rise, and organizations must brace for the strong possibility that their software supply chain will be a target, so much so that Gartner has projected that by 2025, supply chain risk management will be a key success driver for more than 50% of organizations.

EPSS Vs CVSS: How Do They Compare?

The tech industry loves its acronyms and one that is grabbing attention these days is the Exploit Prediction Scoring System (EPSS). Since many people are more familiar with the Common Vulnerability Scoring System (CVSS), the question becomes, what is the difference between the two scores? A definition of both is a good place to start. The EPSS is a large, open, data-driven effort used to estimate the probability of a software vulnerability being exploited in the wild.

Rezilion Report Finds World's Most Popular Generative AI Projects Present High Security Risk

Rezilion announces a new report, "Expl[AI]ning the Risk: Exploring the Large Language Models (LLM) Open-Source Security Landscape," finding that the world's most-popular generative artificial intelligence (AI) projects present a high security risk to organizations.

Report: The Risk of Generative AI and Large Language Models

Generative AI has reshaped the digital content landscape, with Large Language Models (LLMs) like GPT pushing the boundaries of what machines can create. However, as this technology rapidly enters the market, are we giving enough attention to its security aspects and generative AI risk?

How Are SBOMs Shared? New Findings From A CISA SBOM Survey

In a post published earlier this week, we delved into the sharing lifecycle phases of a Software Bill of Materials (SBOM) from a report the Cybersecurity and Infrastructure Security Agency (CISA) recently released. Included within the report was a survey on the current state of SBOM sharing among stakeholders, in which 21 organizations provided responses on their approaches.