Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as well as any application with an embedded, impacted OpenSSL library. This announcement did not include any details on what this vulnerability is or how it can be exploited. On November 1, 2022, a cryptographic library used for encrypting communications in a wide variety of applications on the internet.

Hi there Ruby developers! If you’ve been looking for an effective way to establish a Ruby on Rails Docker setup for your local development environment, then this post is for you. It’s a continuation of our previous article on how to install Ruby in a macOS for local development. Ruby developers frequently need to account for a database when building a Ruby on Rails project, as well as other development environment prerequisites.

On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager (version 6.16.3 and earlier). A threat actor could leverage an authentication bypass vulnerability in these products (CVE-2022-36537) to leak server private key files, software licenses, and system configuration files and ultimately achieve RCE as the system superuser.

Vulnerability management can be more than just running scans and sorting by Common Vulnerability Scoring System scores! Take your program to the next level by adding a threat-based approach to vulnerability management by combining the hacker mindset with cyber threat intelligence. With so many vulnerabilities published daily, having a team knowledgeable with the latest threats can help IT teams quickly identify assets that require expedited remediation.

OpenSSL released version 3.0.7 with security fixes for High Severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are.

The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on October 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7 which was released November 1. OpenSSL 1.X versions are unaffected by the vulnerabilities.

On Oct 25, 2022 The OpenSSL project announced a forthcoming release of OpenSSL (version 3.0.7) to address a critical security vulnerability. This release should go live on Tuesday, November 1, 2022 between 1300 and 1700 UTC. Snyk has published a placeholder advisory with the current known details, and will update the advisory when official vulnerability details are publicized. The last critical vulnerability in OpenSSL was released in 2016.

A critical vulnerability was discovered in current versions of OpenSSL affecting almost every organization. A fix is now out. Learn more about the vulnerabilities and what to do if you have been impacted.

In 2022, AWS (Amazon Web Services) remains one of the dominant cloud platforms and continues to be recognized as a leader in Cloud Infrastructure and Platform Services. AWS accounts for 34% of the cloud infrastructure service providers, so many organizations today have either all, most, or at least some of their infrastructure on AWS.

When building applications in Java, we highly depend on external libraries and frameworks. And each Java package that is imported likely also depends on more libraries. This means that the amount of Java packages included in your application is often not really transparent. As a developer, these nested (transitive) dependencies create the problem that you probably do not know all the libraries you are actually using.