Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



Explaining the csurf vulnerability: CSRF attacks on all versions

On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.


Looking back at Black Hat USA 2022

For the past few days, I’ve been getting a lot of messages asking about my experience at this year’s Black Hat USA. So in this post, I’ll be recapping the conference to give you an inside look at what was presented and provide some helpful perspective. Black Hat is one of the largest — and most talked about — cybersecurity conferences. Its inception dates back to 1997.

Stranger Danger: Your Java Attack Surface Just Got Bigger

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Meet the Best Hackers: Shuchita Mishra and Parth Shukla | SnykWeek Boston

During SnykWeek Boston, Shuchita Mishra and Parth Shukla were crowned the best hackers by fixing the most vulnerabilities during our fix challenge. Check out our interview with them to learn about the passion for developer security and what they loved most about Snyk.

Vulnerability management: 3 best practices and tips for image building and scanning

As enterprises adopt containers, microservices, and Kubernetes for cloud-native applications, vulnerability management is crucial to improve the security posture of containerized workloads throughout build, deploy, and runtime. Securing your build artifacts and deployment pipeline, especially when it comes to images, is extremely important.


Security 101: Vulnerabilities, Threats & Risk Explained

In cybersecurity, the things to consider are endless. Before we get ahead of ourselves, let’s make sure we fully understand three fundamental concepts of security: In this article, we’ll look at these security concepts in depth and hear from industry experts. (For the latest and greatest in all things security, check out the Splunk Security Blog & these Cybersecurity and InfoSec Events & Conferences.)


CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in Kubernetes API server enables users to extend API server with alternative objects and paths.