OWASP Top 10 in 2021: Software and Data Integrity Failures Practical Overview
Software and Data Integrity Failures is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
An Introduction to the Snyk Team pricing plan
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
WhiteSource Cure: Automated Remediation for Developers
Keeping up with today’s rapidly evolving threat landscape is an ongoing battle for software development organizations, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery.
CIS Control 07: Continuous Vulnerability Management
When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07 provides the minimum requirements, table stakes if you will, for establishing a successful vulnerability management program.
23andMe's Yamale Python code injection, and properly sanitizing eval()
JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.
How to better secure user authentication protocols
In March 2021, cybersecurity researcher Le Xuan Tuyen discovered a security bug in Microsoft Exchange Server. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes.
The Vulnerability Conundrum: Improving the Disclosure Process
The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate productively.
Alice in Windowsland: 3 ways to escalate privileges and steal credentials
Read how our red team used different attack techniques to hack AppLocker restrictions by implementing escalated privileges and reusing the Credentials Manager to extract stored data and Azure information.
Cloud Threats Memo: Adding to the List of Exploited Cloud Services
Hosting phishing pages or malicious payloads on legitimate cloud services is now a consolidated modus operandi for bad actors.
How to mitigate kubelet's CVE-2021-25741: Symlink exchange can allow host filesystem access
CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to access files & directories outside of the volume, including the host filesystem. It was disclosed in September 2021 and affects kubelet, which is the node agent that runs on each Kubernetes node. In particular CVE-2021-25741 affects kubelet in these Kubernetes versions.