Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are excited to announce the availability of Social Trends, adding social media intelligence (SOCMINT) to Snyk’s vulnerability data to help development and security teams prioritize vulnerabilities more effectively. Given the size of vulnerability backlogs facing organizations today, finding and fixing security vulnerabilities in a timely manner is a monumental task. There simply are not enough hands on deck to triage and tackle all the vulnerabilities on the list.

Web applications and hosted software make up the largest attack surface for modern tech organizations. The most common web vulnerabilities being exploited go beyond the OWASP Top 10 list. At Detectify, we work in close collaboration with an invite-only community called Detectify Crowdsource to get the latest vulnerability research into the hands of security defenders. Besides knowing the vulnerabilities, you need the know how on how to mitigate them.

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability, which allows overly permissive Access Control Lists (ACLs) that provide low privileged users read access to privileged system files including the Security Accounts Manager (SAM) database. The SAM database stores users' encrypted passwords in a Windows system. According to the Microsoft advisory, this issue affects Windows 10 1809 and above as well as certain versions of Server 2019.

Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.

Far from the days of just phone calls and text messages, mobile apps have captured our attention with efficient experiences that keep us connected to friends, family members, coworkers. It’s all at your fingertips via these amazing apps- anywhere in the world! This blog post takes you through the OWASP mobile top 10 security risks, attack scenarios from OWASP and risk remediations that help cybercriminals get their hands on sensitive data.