Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malicious npm packages and their dangers have been a frequent topic of discussion — whether it’s hundreds of command-and-control Cobalt Strike malware packages, typosquatting, or general malware published to the npm registry (including PyPI and others). To help developers and maintainers defend against these security risks, Snyk published a guide to npm security best practices.

I’ve always had a great love of all things wireless/RF for as long as I can remember. The ability to send frames/packets of data out into the world (the airwaves!) for anyone with the right equipment and looking at the right frequency to pluck them out and reconstruct them - amazing! I am still the proud owner of both ORiNOCO Gold and Silver PCMCIA cards, these two bad boys defined wireless hacking back in the early 2000’s.

At Snyk we’re constantly trying to improve how you can work with Projects at scale. To continue the journey, we’ve been furthering how you can organize your Projects. There are nearly limitless ways to organize projects outside of Snyk because there is no standard mental model that is used by everyone, for example, some organize projects as mono-repos, and others as application components.

Generative AI capabilities continue to make their way into every organization, with increasingly useful ways of helping employees and contractors be more productive. This includes advancing how fully automated vulnerability remediation works, and with the power of generative AI, is able to take into account unique environments and uses in real-time.

In today's rapidly evolving cloud landscape, managing permissions and ensuring robust security controls are essential for organizations utilizing Amazon Web Services (AWS). AWS Identity and Access Management (IAM) is crucial in managing permissions to access AWS resources. While IAM provides granular control over permissions, AWS IAM permissions boundaries offer additional security and flexibility for fine-tuning access controls.

For those responsible directly or indirectly for the cyber defense of their organizations, June 2023 is proving to be an extremely challenging month. In this month alone, vulnerabilities were discovered in various appliances, ranging from CVE-2023-27997 impacting FortiGate devices to CVE-2023-35708 impacting MOVEit Transfer software as well as the exploitation activity discovered of Barracuda appliances via CVE-2023-2868.

On the 31st of May 2023 a public warning was issued by MOVEit, regarding a critical SQL injection vulnerability found in in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.

Recently, a critical vulnerability tracked as CVE-2023-27997 was identified in Fortinet Fortigate appliances. Fortinet makes some of the most popular firewall and VPN devices on the market, which makes them an attractive target for threat actors. This vulnerability has been exploited by the Chinese APT group Volt Typhoon, among others, targeting governments and organizations worldwide. As a result, Fortinet has released an urgent patch for affected systems.