%term

This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Mar 31, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Spring Framework Remote Code Execution (CVE-2022-22965)

Mar 31, 2022 By The Veracode Research Team In Veracode

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework. There is also a dedicated CVE 2022-22965 assigned to this vulnerability. We will keep this blog updated as new information comes up.

Read Post

Veracode

Read more about Spring Framework Remote Code Execution (CVE-2022-22965)

SecurityScorecard Analysis of Lapsus$ Threat Group

Mar 31, 2022 By SecurityScorecard In SecurityScorecard

SecurityScorecard’s CISO Mike Wilkes and Threat Researcher Ryan Slaney discuss their latest insights on the Lapsus$ threat group, the recent Okta breach, and what CISOs should do to protect their organizations. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about SecurityScorecard Analysis of Lapsus$ Threat Group

Vulnerability Management - Intro to Torq Webinar

Mar 31, 2022 By Torq In Torq

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

View Video

Torq

Read more about Vulnerability Management - Intro to Torq Webinar

Veracode Product Update

Mar 31, 2022 By Veracode In Veracode

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

View Video

Veracode

Read more about Veracode Product Update

Feroot

Mar 31, 2022

Secure your JavaScript web applications and webpages with automated security scanning, monitoring, and controls to stop cyber threats and protect customer data.

View Organisation

Read more about Feroot

What is Zero Standing Privilege (ZSP)?

Mar 31, 2022 By Sakshyam Shah In Teleport

Zero standing privilege (ZSP) is an applied zero trust security strategy for privileged access management (PAM). The term zero standing privilege was coined by an analyst at Gartner. In practice, it implies no users should be pre-assigned with administrative account privileges. Zero-trust security forbids authorization based on static predefined trust boundaries.

Read Post

Teleport

Read more about What is Zero Standing Privilege (ZSP)?

When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Mar 31, 2022 By Steve Banda In Lookout

In this world, nothing is certain except death and taxes. The latter of which malicious actors capitalize on seasonally with phishing attacks. From consumers to corporate finance and human resources (HR) departments, these social engineering attacks have become so pervasive that the IRS issued an annual advisory as a warning to businesses and consumers.

Read Post

Lookout

Read more about When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Banner Grabbing Tools And Techniques Explained

Mar 31, 2022 By Editor In Cyphere

As we all know, whenever it comes to penetration testing, the first thing which comes to mind is reconnaissance. Banner grabbing is used in the initial phase of reconnaissance to get an idea about the target system or application.

Read Post

Cyphere

Read more about Banner Grabbing Tools And Techniques Explained

A Day In The Life of an Energy Company CISO - Mel Migriño

Mar 31, 2022 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of an Energy Company CISO - Mel Migriño

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Spring Framework Remote Code Execution (CVE-2022-22965)

SecurityScorecard Analysis of Lapsus$ Threat Group

Vulnerability Management - Intro to Torq Webinar

Veracode Product Update

Feroot

What is Zero Standing Privilege (ZSP)?

When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Banner Grabbing Tools And Techniques Explained

A Day In The Life of an Energy Company CISO - Mel Migriño

Monthly Archive

Follow Us