Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Strengthening Your Security with Agentless Vulnerability Management

Discover how Sysdig Secure’s new “Agentless Vulnerability Management” approach helps you streamline the onboarding of new deployments, while significantly cutting down complexity and setup time. Agentless security tools generally rely on leveraging existing interfaces and APIs provided by the cloud service providers to collect information and perform vulnerability assessments.

10 best practices for securely developing with AI

By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers from using AI tools, we hear many stories of how they circumvent this through VPNs and personal accounts.

A Deep Dive into the Exploit Prediction Scoring System EPSS

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and providing measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.

Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, plays a pivotal role in safeguarding the integrity of the software supply chain.

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Delta Dental of California is a major dental insurance provider throughout one of the largest states in the US. The company is well-known for offering PPO dental insurance policies and other varieties of dental insurance options. The company was founded in 1955 and serves millions of Americans throughout nearly all of the 50 states. All California residents using Delta Dental may have been impacted by a recent data breach that could cause real problems for them.

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.

CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Citizen Lab and Google Threat Analysis Group (TAG) observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices.

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.