%term

Secure Your Pipeline with Snyk and GitHub Actions #cloudsecurity #cybersecurity #appsec

Nov 22, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Secure Your Pipeline with Snyk and GitHub Actions #cloudsecurity #cybersecurity #appsec

Vulnerability Management Needs Threat Intelligence: Here's How To Combine Them

Nov 22, 2023 By Daniel Pigeon In Cyberint

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

Read Post

Cyberint

Read more about Vulnerability Management Needs Threat Intelligence: Here's How To Combine Them

Digital Supply-Chain Attacks: Exploits and Statistics

Nov 22, 2023 By IONIX In IONIX

Growing digital connectivity has led to the rise of digital supply-chain attacks. This session will explain, demonstrate, and provide statistics about the complexity of the problem and about attacks that arose due to dependencies on external infrastructures. While there is no simple solution to the problem, we will present a strategy to reduce exposure and create processes to avoid such vulnerabilities.

View Video

IONIX

Read more about Digital Supply-Chain Attacks: Exploits and Statistics

ESG's John Oltsik on Improving the Effectiveness of Attack Surface Management Programs

Nov 22, 2023 By IONIX In IONIX

Senior principal analyst and ESG fellow John Oltsik discusses Improving the Effectiveness of Attack Surface Management Programs.

View Video

IONIX

Read more about ESG's John Oltsik on Improving the Effectiveness of Attack Surface Management Programs

IONIX Threat Exposure Radar

Nov 22, 2023 By IONIX In IONIX

In a world where organizations cannot fix everything, security and IT teams need a practical way to identify and act on critical exposures. IONIX Threat Exposure Radar exposes critical risks so you can effectively reduce risk and improve your security posture.

View Video

IONIX

Read more about IONIX Threat Exposure Radar

File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques

Nov 22, 2023 By Keshav Malik In Snyk

In our modern world, we constantly share private, confidential, and sensitive information over digital channels. A fundamental component of this communication is file encryption — transforming data into an unreadable format using encryption algorithms.

Read Post

Snyk

Read more about File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques

Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)

Nov 21, 2023 By Wallarm In Wallarm

On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.

Read Post

Wallarm

Read more about Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)

Security Terms: What is a WAF? #cybersecurity #applicationsecurity #cloudsecurity

Nov 21, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Security Terms: What is a WAF? #cybersecurity #applicationsecurity #cloudsecurity

Decoding CVSS 4.0: Clarified Base Metrics

Nov 21, 2023 By Kevin Swan In Seemplicity

Since 2005, the Common Vulnerability Scoring System (CVSS) has been used to assess and communicate the severity of vulnerabilities in software. If you’re involved in cybersecurity, even if you’re not directly involved in managing vulnerabilities, you’ve probably come across CVSS designations like ‘critical’ or ‘high’ when referring to vulnerabilities in the industry.

Read Post

Seemplicity

Read more about Decoding CVSS 4.0: Clarified Base Metrics

Unveiling LummaC2 stealer's novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection

Nov 20, 2023 By Alberto Marín In Outpost 24

The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.

Read Post