Vulnerability

How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Oct 5, 2022 By Roman Wagner In Code Intelligence

Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.

Read Post

Code Intelligence

Read more about How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Oct 5, 2022 By Code Intelligence In Code Intelligence

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

View Video

Code Intelligence

Read more about Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Oct 5, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

How to hack a vulnerable OWASP Node.js apps: Part 2 | Snyk

Oct 5, 2022 By Snyk In Snyk

How to hack a vulnerable OWASP Node.js Apps We are back with part 2 of this livestream. Join us as we demonstrate how you can use the Node.js app. We also show the various ways it can be hacked so you can learn how to prevent it. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about How to hack a vulnerable OWASP Node.js apps: Part 2 | Snyk

Snyk and HashiCorp: The Snyk IaC Integration With HashiCorp Terraform Cloud and Terraform Enterprise

Oct 4, 2022 By Snyk In Snyk

In this video, learn about the Snyk IaC integration with HashiCorp Terraform Cloud and Terraform Enterprise, which enable developers to automate security checks and ensure public cloud environments are secure and compliant pre-deployment — directly in their Terraform Cloud pipelines.

View Video

Snyk

Read more about Snyk and HashiCorp: The Snyk IaC Integration With HashiCorp Terraform Cloud and Terraform Enterprise

Phony PyPi package imitates known developer

Oct 4, 2022 By Kyle Suero, Elliot Ward In Snyk

Snyk Security Researchers have been using dynamic analysis techniques to unravel the behaviors of obfuscated malicious packages. A recent interesting finding in the Python Package Index (PyPi) attempted to imitate a known open source developer through identity spoofing. Upon further analysis, the team uncovered that the package, raw-tool, was attempting to hide malicious behavior using base64 encoding, reaching out to malicious servers, and executing obfuscated code.

Read Post

Snyk

Read more about Phony PyPi package imitates known developer

Unify vulnerability detection and remediation with the ManageEngine-Tenable.io integration

Oct 3, 2022 By Patch Manager Plus In ManageEngine

According to the latest Ransomware Spotlight Year End report, 56% of the 223 older vulnerabilities identified prior to 2021 are still actively exploited and used as the entry points to ransomware attacks. This warrants the question of why enterprises aren’t patching vulnerabilities regularly.

Read Post

ManageEngine

Read more about Unify vulnerability detection and remediation with the ManageEngine-Tenable.io integration

ProxyNotShell-Microsoft Exchange Vulnerabilities

Oct 3, 2022 By The Cyberint Research Team In Cyberint

On September 29, Microsoft Security Threat Intelligence reported two significant zero-day vulnerabilities being exploited in the wild. The two vulnerabilities, named “ProxyNotShell”, affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

Read Post

Cyberint

Read more about ProxyNotShell-Microsoft Exchange Vulnerabilities

Vulnerability Assessment vs Risk Assessment

Oct 3, 2022 By Cybriant In Cybriant

As a CIO in charge of your organization's security, you're responsible for ensuring the security of your company's data. But with so many cybersecurity threats out there, it can be difficult to know where to start. Should you focus on conducting a vulnerability assessment? Or is a risk assessment more important? In this article, we will discuss vulnerability vs risk, cyber threats, and protecting sensitive data.

Read Post