On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication bypass vulnerabilities that could enable remote threat actors to compromise a host. In order for a threat actor to exploit these vulnerabilities, WAN access would need to be available for the CLI and/or web-based management interfaces.

Read also: Microsoft fixes a Windows zero-day, Mango Markets DeFi platform robbed of over $100M, and more.

Snyk Code supports various languages important in the cloud native arena, Ruby being among them (and we’ve seen great adoption, so thank you!). Our researchers are constantly monitoring our rule sets, using our training set of open source projects, but also — and, yes this is an advantage of a SaaS service — how the rules do on the code that is scanned. Just as a reminder, Snyk does not use your code to train our sets — but we do aggregate usage statistics.

ModSecurity is an open-source web application firewall (WAF) engine maintained by Trustwave. This blog post discusses multiple input interpretation weaknesses in the ModSecurity project. Each input interpretation weakness could allow a malicious actor to evade some ModSecurity rules. Both ModSecurity v2 and ModSecurity v3 were affected. The issues have been addressed in v2.9.6 and v3.0.8, respectively.

In our previous blog breaking down The 5 Fundamentals of Cloud Security, we discussed the importance of knowing your environment. Teams need to have a comprehensive inventory of their cloud environments to have a clear understanding of the security risks that might exist within. With that in mind, let’s explore the importance of vulnerability prevention and secure design working together to keep threat actors from gaining meaningful access to your organization’s cloud control plane.

Since its inception almost a decade ago and the MirrorBlast campaign, the threat actor group known as TA505 has continued to plague the financial, retail and restaurant sectors.

Python is a growing language. As it evolves and expands, so do the number of tools and development strategies available for working with it. One process that’s become increasingly popular is linting — or checking code for potential problems. With linting, errors in our code will be flagged so we can correct unusual programming practices that might result in problems. Linting is performed while the source code is written and before it’s compiled.

GitOps is a popular framework for managing and securing the application development pipeline. For many who have embarked on a GitOps journey, a common question is: “how can I secure my pipeline when everything is automated?” The GitOps framework is a concept where any code commits or changes are done through Git, which then triggers an automated pipeline that builds and deploys applications on Kubernetes.