%term

Out of This World Cybersecurity

Mar 23, 2023 By Snyk In Snyk

From cybersecurity Executive Orders, to Emergency Directives, to establishing a presence on the moon, cybersecurity at NASA encompasses a wide variety of both Information and Operational Technology assets, some of which are literally out of this world. Attendees will gain insights into the challenges and best practices in securing critical assets in highly dynamic and complex environments.

View Video

Snyk

Read more about Out of This World Cybersecurity

Dev First Prevention Strategies Using the CI/CD

Mar 23, 2023 By Snyk In Snyk

Watch this office hours where we cover best practices for introducing a blocking/prevention strategy using the CI/CD Integration. Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers.

View Video

Snyk

Read more about Dev First Prevention Strategies Using the CI/CD

Zero Day Defined: Zero-Day Vulnerabilities, Exploits & Attacks

Mar 23, 2023 By Muhammad Raza In Splunk

Zero-Day” is an intriguing concept in the domain of cybersecurity. Imagine diligently following security best practices such as patching exploits and updating the systems regularly. Plus, you’re following strict risk management and governance frameworks within the organization to vet new software applications for security risk before adding them to your library. But what happens when the security flaws are novel — and a patch does not exist?

Read Post

Splunk

Read more about Zero Day Defined: Zero-Day Vulnerabilities, Exploits & Attacks

The rising trend of malicious packages in open source ecosystems

Mar 23, 2023 By Idan Digmi In Snyk

Since the beginning of 2023, Snyk has documented around 6800 malicious packages across PyPI and the npm registry, which requires little to no interaction, almost 860 of which were discovered by us.

Read Post

Snyk

Read more about The rising trend of malicious packages in open source ecosystems

Rubrik Gets Hit by The GoAnywhere Security Vulnerability: Is Customer Data at Risk?

Mar 23, 2023 By Steven In IDStrong

Rubrik is a security company that specializes in cloud data management services. The company helps store and secure information for customers, and it's vital that it is able to keep that data safe. This is why hearing about a possible cyber-attack on the company is alarming. Rubrik was hit by the same GoAnywhere security vulnerability that dozens of other companies suffered from.

Read Post

IDStrong

Read more about Rubrik Gets Hit by The GoAnywhere Security Vulnerability: Is Customer Data at Risk?

Expression DoS Vulnerability Found in Spring - CVE-2023-20861

Mar 22, 2023 By Dae Glendowne In Code Intelligence

As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.

Read Post

Code Intelligence

Read more about Expression DoS Vulnerability Found in Spring - CVE-2023-20861

Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4

Mar 22, 2023 By Splunk In Splunk

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.

View Video

Splunk

Read more about Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4

Save time fixing security vulnerabilities much earlier in your SDLC

Mar 22, 2023 By Paul Garden In JFrog

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like software configurations and security mechanisms.

Read Post

JFrog

Read more about Save time fixing security vulnerabilities much earlier in your SDLC

VIN Cybersecurity Exploits and How to Address Them in 2023

Mar 22, 2023 By Tripwire Guest Authors In Tripwire

Cybersecurity is no longer the exclusive domain of computers, servers, and handheld devices. As wireless connectivity grows, it makes many daily activities more convenient, but it also means that cars may be vulnerable to cyberattacks. Connected, Autonomous, Shared and Electric vehicles are starting to dominate the auto market, but they often carry significant cybersecurity risks.

Read Post

Tripwire

Read more about VIN Cybersecurity Exploits and How to Address Them in 2023

Cato Protects Against CVE-2023-23397 Exploits

Mar 22, 2023 By Matan Mittelman In Cato Networks

A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by the exploit. Once a user receives a malicious calendar invite, the attacker can gain a user’s Active Directory credentials. Microsoft has released a security update that can be found here. Cato Research strongly encourages updating all relevant systems as proof-of-concept exploits have already appeared online.

Read Post