Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.

Googling your organization’s name will bring up all sorts of information. However, there’s more to the internet than the surface web that’s accessed through regular search engines: the deep web and the dark web. To stay ahead of potential threats and maximize incident response performance, security teams need a complete view of their organization’s presence across all areas of the internet.

Coming into 2023, we predicted that the economic downturn would fuel sophisticated fraud, the growth of serverless workloads will increase the attack surface, and there would be more MFA bombing attacks. As we look to 2024, Outpost24’s team of security experts have predicted the emerging threats that will shape the cybersecurity landscape. Dark AI tools, and a shift in security priorities are some of the challenges that organizations will face.

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? CISO Global understands that credit unions’ member-owned and not-for-profit structure allows their banking counterparts to outpace them in allocating resources for cyber defenses. While credit unions are deeply committed to protecting member data, their budgetary constraints might limit their ability to invest in the most advanced cybersecurity technologies and staff.

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The Common Vulnerabilities and Exposures (CVE) database serves as a valuable resource, offering insights into known weaknesses even when fixes are unavailable. This empowers organizations to make informed decisions about prioritizing mitigation strategies and protecting their systems.

An open redirect vulnerability occurs when a website allows user-supplied input to influence the destination of a redirect without implementing proper validation or sanitization measures. To exploit this vulnerability, an attacker may send users a seemingly trustworthy link, which, when clicked, redirects them to a harmful website, potentially leading to phishing attacks or other malicious activities.

Common cybersecurity vulnerabilities that cybercriminals can exploit include weak credentials, lack of data encryption, misconfigurations, out-of-date software and zero days. These vulnerabilities often lead to cyber attacks that bypass an organization’s security measures and steal confidential data. Organizations need to identify and mitigate these vulnerabilities to prevent security breaches.

Welltok provides a multi-use platform allowing institutions and individuals to manage their health and well-being. It is a third-party solution that caters to clinics, health networks, industry leaders, and private clinics. They also offer personalized resources and solutions meant to improve the health and lives of applicable patients.

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact.