Vulnerability

Money Lover App Vulnerability Exposes Personal Info

Feb 7, 2023 By Trustwave In Trustwave

An information disclosure vulnerability has been identified in Money Lover, a finance tracking application created by Finsify and available on Android, iOS, Microsoft Store, with a web interface. This vulnerability allows any authenticated user to view live transactions related to shared wallets.

Read Post

Trustwave

Read more about Money Lover App Vulnerability Exposes Personal Info

The 443 Episode 228 - What is CVSS?

Feb 7, 2023 By WatchGuard In WatchGuard

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT's usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

View Video

WatchGuard

Read more about The 443 Episode 228 - What is CVSS?

Automate Cloud compliance with Snyk Cloud

Feb 7, 2023 By Lauren Place In Snyk

Audits are challenging. Especially when it comes to assessing abstract compliance standards against multiple cloud environments, unique cloud infrastructure setups, and many possible (mis)configurations. To help our customers automate compliance assessments, Snyk Cloud now supports 10+ compliance standards— including CIS Benchmarks for AWS, Azure, and Google Cloud, SOC 2, PCI DSS, ISO 27001, HIPAA, and more.

Read Post

Snyk

Read more about Automate Cloud compliance with Snyk Cloud

Snyk Integrations 101

Feb 7, 2023 By Snyk In Snyk

Do you want to learn about key initial integrations when getting started with Snyk? Watch this recording where Shawn Miller and Jim Jones cover Integrations 101.

View Video

Snyk

Read more about Snyk Integrations 101

How YellowAI Uses AWS & Snyk: Securing Cloud & Apps Using a Developer-First Approach

Feb 7, 2023 By Snyk In Snyk

Citu Singh of CNBC-TV18 asks technology business leaders to share their philosophy on developing applications quickly and safely. Apoorva Gaurav, VP of Engineering from YellowAI, talks about how his team uses Snyk, while Shaun McLagan, VP of Snyk APJ, shares the benefits of a developer-first approach to security.

View Video

Snyk

Read more about How YellowAI Uses AWS & Snyk: Securing Cloud & Apps Using a Developer-First Approach

Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

Feb 7, 2023 By James Liolios In Arctic Wolf

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

Read Post

Arctic Wolf

Read more about Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

Evolving the Snyk CLI through an extensible approach

Feb 7, 2023 By Steve Winton In Snyk

Every day, thousands of developers use the Snyk CLI as part of their development workflow, to identify and resolve security issues in their code as early as possible. What if these developers and other security professionals could harness the power of this dev-first approach and also utilize entirely new security analyses, filters, and workflows via an extensible approach?

Read Post

Snyk

Read more about Evolving the Snyk CLI through an extensible approach

Active ESXiArgs Ransomware Campaign Targeting ESXi Servers Worldwide

Feb 6, 2023 By James Liolios, Steven Campbell, Christopher Prest, and Arctic Wolf Labs Team In Arctic Wolf

Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially over the weekend, with approximately 3,000 victims worldwide as of early-Monday morning. Based on reporting from OVH, the threat actors behind this campaign are likely leveraging a nearly two year old heap overflow vulnerability (CVE-2021-21974) in VMware ESXi’s OpenSLP service.

Read Post

Arctic Wolf

Read more about Active ESXiArgs Ransomware Campaign Targeting ESXi Servers Worldwide

CyRC Special Report: How companies fared in the aftermath of Log4Shell

Feb 3, 2023 By Jonathan Knudsen In Synopsys

We examine the Log4Shell disclosure through the lens of the Black Duck Knowledge Base to understand how organizations respond to high-profile vulnerabilities.

Read Post

Synopsys

Read more about CyRC Special Report: How companies fared in the aftermath of Log4Shell

Dev-First Prevention Strategies

Feb 3, 2023 By Snyk In Snyk

Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers. This dynamic is often based on prior experience with legacy security systems that focus almost solely on the needs of security and fail to support developers in this process.

View Video