Microsoft Power Platform DLP Bypass Uncovered - Finding #3 - Custom Connectors
Hello everyone! I’m Yuval Adler, Customer Success Director at Zenity.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Account Takeover Vulnerability in Azure's API Management Developer Portal
How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.
Website Vulnerability Scanning Guide For Enterprises
Globally around 30,000 websites face a hack each day. Now multiply that by the days in a year and we have ourselves a whopping cause of concern.
Snyk Workflows - Builds & Branching
Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. What about when you need to compare different versions of code? This third session of the series covers the more advanced topic of builds and branching and more.
Wallarm Platform Demo: API Discovery & API Posture Management
Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.
Mitigating path traversal vulns in Java with Snyk Code
Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.
Wallarm Platform Demo: API Attack Perimeter Visibility
Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.
Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release
In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.
This Week in VulnDB - The Big Fix Edition
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
Critical RCE Vulnerability in Multiple Cisco IP Phones: CVE-2023-20078
On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows for unauthenticated execution of arbitrary code. The vulnerability was responsibly disclosed to Cisco by a security researcher, and security patches are available to remediate the vulnerability.