Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Buffer overflow attacks in C++: A hands-on guide
A buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.
[Webinar] Detecting intrusion in DevOps environments with AWS canary tokens
Last year, hardcoded secrets made it 2nd to the OWASP Top 10 Web Application Security Risks. This year, the vulnerability gained a spot and now ranks 15th on the MITRE CWE Top 25 Most Dangerous Software Weaknesses. Needless to say, no organization wants to have its secrets exposed during software development. But what if I told you security teams could use hardcoded secrets to their advantage? Join me on Wednesday, July 27th, for a live discussion with Eric Fourrier, CTO at GitGuardian, on how to detect compromised developer and DevOps environments with canary tokens.
CrowdStrike Expands CNAPP Capabilities to Secure Containers and Help Developers Rapidly Identify and Remediate Cloud Vulnerabilities
Expansion of agent-based and agentless protection provides support for Amazon ECS allowing DevSecOps teams to build even more securely on AWS environments.
Snyk Unveils Snyk Cloud, the Industry's First Developer-Centric Cloud Security Solution
New Product Secures the Cloud from Code Through Runtime, Facilitating DevSecOps Collaboration.
The lifecycle of a software vulnerability
This is the second part of a three-blog series on startup security. Please check out part one too. The anatomy of a software vulnerability is a bit like mercury accumulation in seafood. Trace amounts of naturally occurring mercury in seawater is absorbed by algae and bioaccumulates up the food chain. Large fish at the top of the food chain contain the most mercury and should be consumed in limited quantities.
Cloud Threats Memo: Dropbox: Flexible Cloud Storage Increasingly Exploited by Attackers
Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.
Snyk Demo in 20 Minutes | 2022
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
ML Detection of Risky Command Exploit
As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.
A CISO's Guide to Container Security: Understanding Vulnerabilities & Best Practices
Companies are introducing new apps and services to enable remote work, improve supply chains and handle disruptions caused by the pandemic. Our digital-first world thrives on speed and efficiency, and containers play a huge part in getting applications up and running quickly. Though containers offer many advantages over traditional virtualization, they also introduce significant security risks.