One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to quickly understand what needs to be fixed, and making that task incredibly easy.

CVE-2020-27223 is a denial of service vulnerability discovered in the Eclipse Foundation’s popular Jetty web server.

It is imperative for any national security agency to diagnose, identify, and address the possible vulnerabilities within their defence system to avert exploitation of the nation’s security.

All sources agree that cyber crime is increasing year on year, putting businesses small and large at increasing risk. Attacks jumped by 31% during the height of the 2020 pandemic alone, and is predicted to cost the global economy over $10 trillion by 2025. In order to stay ahead of the hackers, savvy enterprises are stepping up their security scanning regimes by using vulnerability scanning and penetration tests to uncover security flaws.

Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

The convenience of keyless entry systems can come at a price: your security. Learn how key fob hacks happen and why proactive security measures are a vital part of stopping them. With increased connectivity capabilities and larger and more complex software in automotive systems, modern vehicles are becoming more susceptible to cyber security attacks.

When it comes to securing your applications, it’s not unusual to only consider the risks from your first-party code. But if you’re solely considering your own code, then your attack surface is likely bigger than you think. Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house.

Find out how the additions of threat intelligence-led exploit database will enhance and affect your vulnerability management findings in Outpost24.

XML External Entities (XXE or XML injection) is #4 in the current OWASP Top Ten Most Critical Web Application Security Risks.

I recently discovered that all versions of Windows Server 2012 (but not Server 2012 R2) are affected by a DLL hijacking vulnerability that can be exploited for privilege escalation. Moreover, the flaw can be triggered by a regular user and does not require a system reboot. Sounds like a pretty big deal, right? Well, not according to Microsoft, unfortunately.