From day one, Snyk’s vision has been to enable development and security teams across the world to develop fast while staying secure. A key component of this vision is ensuring our customers feel confident in using our developer security platform. This is why we place the utmost importance on keeping our customers’ data safe and helping them address their security and compliance requirements.
This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. Our suspicion turned out to be true: we discovered that another way to cause a DoS was introduced.
CrowdStrike Services recently investigated a suspected ransomware intrusion attempt. The intrusion was quickly stopped through the customer’s efforts and those of the CrowdStrike Falcon Complete™ managed detection and response (MDR) team, which was supporting this customer’s environment.
For application security, the shift left strategy is something that every enterprise is embracing today, which essentially means putting the security controls in earlier stages of development. This is more like a “nipping the problem in the bud” strategy where the security controls in their respective domains highlight the potential security weaknesses related to vulnerabilities in code, vulnerabilities in third-party packages and code quality issues.
In a recent report by the incident response giant Mandiant, which was purchased by Google in March, their researchers found that 2021 was a record year for the total number of 0-day vulnerabilities disclosed and exploited. According to their findings, their team identified some 80 0-days exploited in the wild. At the same time, Google Project Zero researchers reported the detection and disclosure of 58 0-days.
Snyk Ambassadors are passionate about sharing their security expertise. Become one today by signing up! In the shipping industry, the container format follows ISO 668, a standard format that regulates the safe stacking of containers. Imagine your applications with multiple containers, running different applications, serving different purposes for people all over the world.
It has been 10 years since Project Basecamp, a research project conducted by Digital Bond that investigated how critical operational technology (OT) devices and protocols were, to use the term they coined, “insecure by design.” Since then, we have seen hugely impactful real-world OT malware such as Industroyer, TRITON, Industroyer2 and INCONTROLLER abusing insecure-by-design functionality.
While studying for my master's degree in cyber security, I co-authored a paper regarding the rollout of IoT devices and the security considerations that businesses need to address to ensure these devices are secure. The paper underscored how a large majority of IoT devices used vulnerable components and did not follow basic secure programming principles.
Open source software is a key component in modern applications. It has created a new era in software development, promoting a free exchange of ideas within the developer community and enabling developers to build more functional software, faster than ever. Based on most estimates, 70-90% of any piece of modern software includes open source code.
