%term

Bug Bash - How To & Best Practices - Snyk Customer Office Hours

Jan 9, 2023 By Snyk In Snyk

What is a bug bash? What is the value? How can you run one within your company? We share how to plan a Bug Bash, as well as best practices from customers who've been running these. We will also provide a check list and other resources.

View Video

Snyk

Read more about Bug Bash - How To & Best Practices - Snyk Customer Office Hours

CVE-2022-47523 - High Severity Vulnerability in ManageEngine Credential Management Products

Jan 6, 2023 By Adrian Korn In Arctic Wolf

Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory was later published, summarizing the affected products and remediation. This vulnerability affects several credential management products including ManageEngine PAM360, ManageEngine Access Manager Plus, and ManageEngine Password Manager Pro.

Read Post

Arctic Wolf

Read more about CVE-2022-47523 - High Severity Vulnerability in ManageEngine Credential Management Products

Pen Test vs Vuln Scans - What's the difference? Cybersecurity 101

Jan 6, 2023 By Bulletproof In Bulletproof

What’s the difference between #penetrationtesting and #vulnerabilityscanning? It’s not the set-up for a joke, it’s a quick explainer vid. Find out the difference and why you need both. Part of our #cybersecurity101 series.

View Video

Bulletproof

Read more about Pen Test vs Vuln Scans - What's the difference? Cybersecurity 101

Supply chain security incident at CircleCI: Rotate your secrets

Jan 6, 2023 By Sonya Moisset, Vandana Verma In Snyk

On January 4, CircleCI, an automated CI/CD pipeline setup tool, reported a security incident in their product by sharing an advisory.

Read Post

Snyk

Read more about Supply chain security incident at CircleCI: Rotate your secrets

Watch out for DoS when using Rust's popular Hyper package

Jan 5, 2023 By Ori Hollander In JFrog

The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain.

Read Post

JFrog

Read more about Watch out for DoS when using Rust's popular Hyper package

Attack Surface Management vs. Vulnerability Management: What's the Difference?

Jan 5, 2023 By Luis Marte In IONIX

Attack surface management (ASM) and vulnerability management (VM) are often confused, but they’re not the same. The primary difference between the two is scope: Attack surface management and external attack surface management (EASM) assume that a company has many unknown assets and therefore begin with discovery. Vulnerability management, on the other hand, operates on the list of known assets.

Read Post

IONIX

Read more about Attack Surface Management vs. Vulnerability Management: What's the Difference?

The trouble with CVEs and vulnerability management in modern tech stacks

Jan 5, 2023 By Rickard Carlsson In Detectify

Conversations about basic cybersecurity hygiene often start with a lecture on effective patch management. While proper patch management is certainly recommended, much more can be done. Say you’ve locked the doors of your house before leaving for vacation – an opportunist might only check to see if the doors are locked, but a persistent thief might try the windows or look for other ways in. Similarly, CVEs and CVSS serve a purpose, but they still leave you with many untreated risks. Why?

Read Post

Detectify

Read more about The trouble with CVEs and vulnerability management in modern tech stacks

Why Open Source License Management Matters

Jan 5, 2023 By Adam Murray In Mend

The ongoing rise in open source vulnerabilities and software supply chain attacks poses a growing threat to businesses, which heavily rely on applications for success. Between 70 and 90 percent of organizations’ code base is open source, while vulnerabilities such as Log4j have significantly exposed organizations to cyberattacks.

Read Post

Mend

Read more about Why Open Source License Management Matters

Why an SBOM is Vital to Application Security and Compliance

Dec 30, 2022 By Alfrick Opidi In Mend

Attacks targeting the software supply chain are on the rise. Indeed, data from the Mend Open Source Risk Report shows a steady quarterly increase in the number of malicious packages published in 2022, with a significant jump in Q3, which jumped 79 percent from Q2. The European Cybersecurity Agency (ENISA) predicts that supply chain attacks will increase fourfold by 2022.

Read Post

Mend

Read more about Why an SBOM is Vital to Application Security and Compliance

Are educational institutions easy victims of ransomware groups?

Dec 29, 2022 By Endpoint Central In ManageEngine

Ransomware’s new favorite victim is educational institutions. Ransomware attacks, that exploit targets utilizing malicious software code, have increased tremendously over the past few years. In addition to targeting business sectors, cybercriminals are now attempting to ambush the security posture of educational sectors. Educational institutions are an easy prey for ransomware attackers as they lack the fundamental elements of a secured network.

Read Post