Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

signmycode

Top Software Vulnerabilities of 2022 and How to Prevent Them

Did you know that malware attacks on software have increased by 11% to reach 2.8 billion in 2022? This is a staggering rise in security attacks and a huge point of concern for the industry. For many companies, the security of their software systems becomes a priority only after they experience a breach. But it doesn’t have to be that way. If you want to keep your systems secure and provide users with a safe environment, you need to be conscious of security flaws.

devo

Zero Day Exploit for MS Exchange (ProxyNotShell)

On Sept. 29th 2022, cybersecurity organization GTSC publicized a report outlining attacks they have seen in the wild targeting as-yet unpatched vulnerabilities in Microsoft Exchange. When successfully exploited this combination of vulnerabilities results in an authenticated Remote Code Execution (RCE) attack. Until a patch has been issued, Microsoft has posted a security bulletin detailing a workaround.

CrowdStrike

CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer

The market-leading CrowdStrike Falcon® platform, applying a combination of advanced machine learning (ML), artificial intelligence (AI) and deep analytics across the trillions of security events captured in the CrowdStrike Security Cloud, has identified a new supply chain attack pattern during the installation of a chat based customer engagement platform.

rezilion

Vulnerability Prioritization is Critical for Tackling a Growing Software Attack Surface

Security leaders are highly concerned about a growing software attack surface, yet few feel confident in their ability to see it and manage it, according to a new survey from Ponemon Institute and sponsored by Rezilion. Most of the leaders agree that eliminating complexity in the software attack surface and eliminating vulnerabilities that are not exploitable are key to reducing threats.

Snyk

Choosing the best Node.js Docker image

Choosing a Node.js Docker image may seem like a small thing, but image sizes and potential vulnerabilities can have dramatic effects on your CI/CD pipeline and security posture. So, how do you choose the best Node.js Docker image? It can be easy to miss the potential risks of using FROM node:latest, or just FROM node(which is an alias for the former). This is even more true if you’re unaware of the overall security risks and sheer file size they introduce to a CI/CD pipeline.

Snyk

Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.

Snyk

Introducing the new Snyk UI

Starting October 12th, 2022 we’ll be rolling out some exciting new user interface changes for the Snyk application, at app.snyk.io. These changes make use of the Snyk design system by incorporating standardized UI components, an updated color palette, and other elements to help you get even more from Snyk. In this blog post, we’ll walk through the most important changes.