%term

Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities

Sep 20, 2023 By Mend In Mend

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.

View Video

Mend

Read more about Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities

Why Log4j Wasn't the Developers' Fault: Understanding the Challenges of Modern Developers

Sep 20, 2023 By Protegrity In Protegrity

In today’s fast-paced digital world, software developers face many challenges as they work tirelessly to create and maintain applications that power our daily lives. The recent Log4Shell vulnerability, which exposed a critical flaw in the widely used Log4j library, has drawn widespread attention and criticism.

Read Post

Protegrity

Read more about Why Log4j Wasn't the Developers' Fault: Understanding the Challenges of Modern Developers

Black Hat Asia customer panel recap: How to lead DevSecOps adoption

Sep 18, 2023 By Brian Piper In Snyk

DevSecOps is all about collaboration: facilitating a solid partnership between development and security teams. However, these collaboration efforts won’t succeed without help from leadership. Development and security teams need top-down support to set measurable goals, create a secure CI/CD pipeline, and establish a DevSecOps culture. Three experts came together at Black Hat Asia 2023 to discuss how leadership can participate in fostering security success.

Read Post

Snyk

Read more about Black Hat Asia customer panel recap: How to lead DevSecOps adoption

How to easily install & run OWASP ZAP tool in the Jit platform.

Sep 18, 2023 By Jit In Jit

Welcome to Jit! In this video, we'll help you configure and run the ZAP tool in three easy steps. First, let's head to the "My Plan" page. Once in, we will scroll down to the "Web Application Security" section and press on the "Web App DAST" plan item. The "Item details" window will appear, and we can check the information. And once we are ready to configure ZAP, we will press the "Activate Security Control" button...

View Video

Jit

Read more about How to easily install & run OWASP ZAP tool in the Jit platform.

MOVEit Transfer: Detecting affected servers at scale

Sep 18, 2023 By Fábio Freitas In BitSight

Earlier this summer, the internet was taken by storm by three critical vulnerabilities affecting MOVEit Transfer, a file-transferring software solution widely used by high-profile companies to store and share, in some cases, even the most sensitive business information.

Read Post

BitSight

Read more about MOVEit Transfer: Detecting affected servers at scale

Vulnerabilities Within Law Enforcement Exposed

Sep 18, 2023 By Cyberint In Cyberint

On September 15th, 2023, it was announced that a company in Stockport, UK, responsible for producing ID cards for various organizations, including Greater Manchester Police, fell victim to a ransomware attack. The attack, conducted using ransomware, had significant implications. Thousands of police officers’ personal details, including their names, were at risk of exposure to the public domain.

Read Post

Cyberint

Read more about Vulnerabilities Within Law Enforcement Exposed

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Sep 16, 2023 By Wallarm In Wallarm

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

You Can't Win: Learning to Live with Security Pessimism

Sep 15, 2023 By Alex Reid, Product Architect In 11:11 Systems

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognise the absence of a breach? But this isn't a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

Read Post

11:11 Systems

Read more about You Can't Win: Learning to Live with Security Pessimism

Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

Sep 15, 2023 By Nicolas DANJON In GitGuardian

In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threats of secrets sprawling.

Read Post

GitGuardian

Read more about Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

Office Hours: Insights - Focus on Top RIsks

Sep 14, 2023 By Snyk In Snyk

We recently announced Insights, a unique capability providing organizations with code to cloud application intelligence that enables development and security teams to manage their application security posture more effectively by identifying, prioritizing, and fixing those issues posing the greater risk. Watch: What Insights is How to access Insights How to use Insights Watch if you are interested in using Insights, have started, or work as an engineer, developer, or in DevOps.

View Video