Open-source: The New Way of Envisioning Security
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Secret's Out: Researchers Reveal Backdoor in Emergency Radio Encryption
For over 25 years, a technology utilized for vital data and voice radio communications globally has remained under wraps, preventing in-depth testing for potential vulnerabilities. However, a small group of researchers in the Netherlands has now shed light on it, uncovering significant flaws, including a deliberate backdoor.
Electrifying Exploit: A Case Study on SSRF Vulnerability in an EV Manufacturer's System
You're cruising down the highway in your sleek, state-of-the-art electric vehicle (EV). The hum of the electric motor is your soundtrack, the open road your cinema. Your dashboard, a symphony of lights and numbers, is a live feed of your vehicle's vitals – battery levels, tire pressure, energy consumption, and more. Suddenly, your phone buzzes. It's your EV's companion app, alerting you to an unexpected battery drain.
Product demo - O24 Farsight VPT for Risk-based Vulnerability Management
There’s a gap between the identification of vulnerabilities and the IT resource available to remediate them within the timeframe hackers operate. With Outscan NX and Farsight, the vulnerability risk management process becomes more streamlined and efficient, enabling organizations to proactively address the biggest risk first to optimize security resource.
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method
Kroll has identified two different file exfiltration methodologies leveraged by threat actors, primarily CLOP, during recent engagements involving the exploitation of the MOVEit vulnerability (CVE-2023-34362) throughout May and June 2023. In the vast majority of Kroll’s global MOVEit investigations, the primary data exfiltration method consisted of utilizing the dropped web shell to inject a session or create a malicious account (named Method 1 for this piece).
New TETRA:BURST Vulnerabilities Enable Attackers to Intercept and Inject Critical Radio Traffic - How to Mitigate Risk
On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.
What are Vulnerability Disclosure Programs?
Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.
Mitigating the Latest Microsoft Teams Vulnerability with Netskope
Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.
The Rise of CI0p Ransomware with MOVEit Transfer Vulnerabilities
In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software has been a popular choice worldwide, especially in the US, to ensure secure file transfers. However, recent events have exposed its vulnerabilities, leading to the active exploitation by the CI0p ransomware group.