%term

Automate Cloud compliance with Snyk Cloud

Feb 7, 2023 By Lauren Place In Snyk

Audits are challenging. Especially when it comes to assessing abstract compliance standards against multiple cloud environments, unique cloud infrastructure setups, and many possible (mis)configurations. To help our customers automate compliance assessments, Snyk Cloud now supports 10+ compliance standards— including CIS Benchmarks for AWS, Azure, and Google Cloud, SOC 2, PCI DSS, ISO 27001, HIPAA, and more.

Read Post

Snyk

Read more about Automate Cloud compliance with Snyk Cloud

Snyk Integrations 101

Feb 7, 2023 By Snyk In Snyk

Do you want to learn about key initial integrations when getting started with Snyk? Watch this recording where Shawn Miller and Jim Jones cover Integrations 101.

View Video

Snyk

Read more about Snyk Integrations 101

How YellowAI Uses AWS & Snyk: Securing Cloud & Apps Using a Developer-First Approach

Feb 7, 2023 By Snyk In Snyk

Citu Singh of CNBC-TV18 asks technology business leaders to share their philosophy on developing applications quickly and safely. Apoorva Gaurav, VP of Engineering from YellowAI, talks about how his team uses Snyk, while Shaun McLagan, VP of Snyk APJ, shares the benefits of a developer-first approach to security.

View Video

Snyk

Read more about How YellowAI Uses AWS & Snyk: Securing Cloud & Apps Using a Developer-First Approach

Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

Feb 7, 2023 By James Liolios In Arctic Wolf

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

Read Post

Arctic Wolf

Read more about Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

Evolving the Snyk CLI through an extensible approach

Feb 7, 2023 By Steve Winton In Snyk

Every day, thousands of developers use the Snyk CLI as part of their development workflow, to identify and resolve security issues in their code as early as possible. What if these developers and other security professionals could harness the power of this dev-first approach and also utilize entirely new security analyses, filters, and workflows via an extensible approach?

Read Post

Snyk

Read more about Evolving the Snyk CLI through an extensible approach

Active ESXiArgs Ransomware Campaign Targeting ESXi Servers Worldwide

Feb 6, 2023 By James Liolios, Steven Campbell, Christopher Prest, and Arctic Wolf Labs Team In Arctic Wolf

Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially over the weekend, with approximately 3,000 victims worldwide as of early-Monday morning. Based on reporting from OVH, the threat actors behind this campaign are likely leveraging a nearly two year old heap overflow vulnerability (CVE-2021-21974) in VMware ESXi’s OpenSLP service.

Read Post

Arctic Wolf

Read more about Active ESXiArgs Ransomware Campaign Targeting ESXi Servers Worldwide

Dev-First Prevention Strategies

Feb 3, 2023 By Snyk In Snyk

Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers. This dynamic is often based on prior experience with legacy security systems that focus almost solely on the needs of security and fail to support developers in this process.

View Video

Snyk

Read more about Dev-First Prevention Strategies

4 Categories of Container Security Vulnerabilities (& Best Practices to Reduce Risk)

Feb 2, 2023 By Sarah Zipkin In Veracode

Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. The ability to easily package and deploy code has changed the way that organizations work with applications. But like with Windows servers years ago, or AWS today, any time one specific technology gains a significant portion of the market share, it becomes a target for attackers.

Read Post

Veracode

Read more about 4 Categories of Container Security Vulnerabilities (& Best Practices to Reduce Risk)

Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

Feb 2, 2023 By Trustwave In Trustwave

During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users. CrushFTP is a secure high- speed file transfer server that runs on almost any OS. It handles a wide array of protocols, and security options. CrushFTP stores details of registered users within the filesystem in the users/MainUsers directory.

Read Post

Trustwave

Read more about Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability

Feb 2, 2023 By James Liolios In Arctic Wolf

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Read Post