%term

Introducing GraceWrapper, TA505's sophisticated post-exploitation enabler

Oct 12, 2022 By David Catalán In Outpost 24

Since its inception almost a decade ago and the MirrorBlast campaign, the threat actor group known as TA505 has continued to plague the financial, retail and restaurant sectors.

Read Post

Outpost 24

Read more about Introducing GraceWrapper, TA505's sophisticated post-exploitation enabler

Improving code quality with linting in Python

Oct 12, 2022 By Keshav Malik In Snyk

Python is a growing language. As it evolves and expands, so do the number of tools and development strategies available for working with it. One process that’s become increasingly popular is linting — or checking code for potential problems. With linting, errors in our code will be flagged so we can correct unusual programming practices that might result in problems. Linting is performed while the source code is written and before it’s compiled.

Read Post

Snyk

Read more about Improving code quality with linting in Python

Secure your application from Argo CD to Kubernetes

Oct 12, 2022 By JJ Ng, Pas Apicella In Snyk

GitOps is a popular framework for managing and securing the application development pipeline. For many who have embarked on a GitOps journey, a common question is: “how can I secure my pipeline when everything is automated?” The GitOps framework is a concept where any code commits or changes are done through Git, which then triggers an automated pipeline that builds and deploys applications on Kubernetes.

Read Post

Snyk

Read more about Secure your application from Argo CD to Kubernetes

What is a Vulnerability? - A Log4Shell story

Oct 12, 2022 By Sysdig In Sysdig

Software flaws are inevitable, and as Log4Shell recently reminded us, their impact can be massive. Using Log4Shell as a prime example we explain.

View Video

Sysdig

Read more about What is a Vulnerability? - A Log4Shell story

SnykLive | Stranger Danger: Your JavaScript Attack Surface Just Got Bigger | Oct 5, 2022

Oct 12, 2022 By Snyk In Snyk

Your JavaScript Attack Surface Just Got Bigger- here's what you need to know: Building JavaScript applications today means developers must take a step further from writing code. This live stream demonstrates a live JavaScript and cloud-native hacking session to show common threats, vulnerabilities, and misconfigurations. Further, we show how you can protect your application with actionable remediation and best practices for each exploit shown.

View Video

Snyk

Read more about SnykLive | Stranger Danger: Your JavaScript Attack Surface Just Got Bigger | Oct 5, 2022

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Oct 12, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

How to use Java DTOs to stay secure

Oct 11, 2022 By Brian Vermeer In Snyk

Data Transfer Objects (DTOs) in Java are objects that transport data between subsystems. It is an enterprise design pattern to aggregate data. The main purpose is to reduce the number of system calls needed between the subsystems, reducing the amount of overhead created. In this article, I will explain how DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.

Read Post

Snyk

Read more about How to use Java DTOs to stay secure

DirtyCred: Opening Pandora's Box to Current and Future Container Escapes

Oct 10, 2022 By Manoj Ahuje In CrowdStrike

DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.

Read Post

CrowdStrike

Read more about DirtyCred: Opening Pandora's Box to Current and Future Container Escapes

Security lessons with a Snyk Ambassador

Oct 10, 2022 By Andres Haro In Snyk

Security has been a concern in the tech industry for years now. However, not a lot of companies follow their own protocols or guides when it comes to securing code. It’s easy to believe that security incidents are uncommon (or unlikely to happen in your own organization), but the latest issue with Uber is one of many examples to the contrary.

Read Post

Snyk

Read more about Security lessons with a Snyk Ambassador

CVE-2022-40684: Critical Remote Authentication Bypass Vulnerability in FortiOS & FortiProxy

Oct 7, 2022 By Steven Campbell In Arctic Wolf

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

Read Post