Tal Mozes

Checkmarx is delighted to provide four new reasons for devs to adopt security: https://lnkd.in/dmgxp77r * Secrets Detection Pre-commit * ASPM in the IDE * Artifact Integration * Engineering Dashboard Find out more about our latest releases and how they can help you get closer to DevSecOps.

59

Trend Zero Day Initiative™ (ZDI) exposed the tactics of Russian cybercriminals targeting Ukrainian organizations. From spear-phishing to advanced homoglyph attacks, understand the full spectrum of these threats and how to fortify your business against them: https://spr.ly/6047Ir4aF

94

1 Comment

🚨 Cato CTRL recently observed that while many were out enjoying the summer, the threat actors behind Oyster were busy launching a new malvertising campaign. Disguised as a trusted admin tool, Oyster used spoofed domains to deliver a trojanized installer via a compromised real estate broker website. No zero-days. Just smart timing, social engineering, and AV evasion techniques designed to blend into normal traffic. Cato customers? Already protected. Real-time network-based detection and prevention from the Cato #SASE Cloud Platform stops Oyster before the payload can execute. 🐚 Read more 👉 https://bit.ly/4mJJiCN

53

💸 Uncover the real cost of #DevSecOps! Security shouldn’t slow down your developers—but it often does... Join Batel Zohar, Moran Ashkenazi, and Chen Shiri on the 19th of February at 10 AM CET to uncover how #security tasks are affecting developers’ time + costing you money. Catch these actionable insights & reduce your cost - register now: https://jfrog.co/40zTPIu

48

XXE vulnerabilities are getting harder to detect... 😓 Yet they still remain an impactful vulnerability class worth testing for! In our latest article, we've outlined 8 different XXE exploitation cases. 😎 Read the article today! 👇 https://lnkd.in/dDJ45xd5

45

🚨 The kernel-level security revolution you can't ignore, a must-listen with Liz Rice! Eden Naftali and Amitai Cohen sit down with Liz Rice, Chief Open Source Officer at Isovalent (Cisco), and a global expert in eBPF, containers, and Kubernetes security.  In this episode:  • How eBPF is reshaping cloud security from the ground up  • Practical strategies to tackle open source supply chain attacks (a hot topic given today’s events) A must-listen for anyone building or securing cloud infrastructure in an era of AI coding and supply chain attacks. 🎙️ Listen now to our NEW Crying Out Cloud episode: 🍏 https://lnkd.in/eBD8VChH 🎧 https://lnkd.in/eP2YsxwG 📺 https://lnkd.in/egKT2Eka

52

Argo CD has had a productive year improving platform security! Key updates include: 🔒 13 security patches (2 critical, 3 high, 8 medium) 📋 28 vulnerability reports reviewed and resolved Learn more about the key fixes and their impact in Pavlo Kostogrys's blog post: 👉 https://lnkd.in/gVd5Vsk4 #ArgoCD #DevOps #Kubernetes

26

🌟 Introducing AI-Powered Software Graph Visualization from Apiiro 🌟 Continuous, accurate threat modeling is now a reality Tired of looking at static diagrams and basing security decisions on outdated assumptions? Apiiro’s new Software Graph provides a real-time, interactive map of your application architecture, from code to runtime. https://lnkd.in/dh8a7xxT Automatically generated using Deep Code Analysis (DCA) and runtime context, the graph enables teams to: 🔍 Visualize relationships between APIs, services, data models, secrets, and dependencies 🚨 Identify critical risks like sensitive data exposure, internet-exposed APIs, and blast radius of vulnerable components ⚡ Get visual, context-rich answers to targeted security questions in seconds 📊 Prioritize and remediate based on actual business impact, not generic scoring Software Graph gives security teams a live, queryable risk model, fully integrated with your existing security workflows. Say goodbye to manual reviews and hello to real-time, risk-aware visibility. 👉 See it in action – Watch our demo video, and get a live demo tailored to your environment: https://lnkd.in/gDihbKTb #AppSec #ASPM #ThreatModeling #SoftwareArchitecture #Apiiro

52

1 Comment

NTDS.DIT extraction provides a stealthy way for bad actors to access AD. How can you cut them off before they do damage? Senior Identity and Security Architect Huy Kha explains that detecting NTDS.DIT extraction requires attention to command-line activities and domain controller Application logs. Learn how maintaining this level of vigilance is made easier by using automation in tools such as endpoint detection and response (EDR) solutions. 🔗 https://lnkd.in/grnZuztm

30

Most teams only become aware of CVEs when they’re public. By then, attackers are already steps ahead. Our latest research shows how early signals from threat actors can help predict vulnerabilities before disclosure. 👉 Read the full blog: https://lnkd.in/dXsaJ2gC __ #CVE #ThreatIntelligence

28

Security used to mean snapshots and silos. Now it means: 🔍 Always-on runtime assessment across your apps 🎯 High confidence, curated findings that cut out noise 🔗 Security + compliance, finally in one place This is continuous runtime protection without the overhead. 👉 Explore Scrut DAST: https://lnkd.in/g9JRyyYB #DAST #CyberSecurity #AppSec #PenTesting #VulnerabilityManagement

36

As companies seek new methods to secure their operations, the rise of cyberattacks and digital threats serves as a critical call to action for all security experts to develop countermeasures against various potential attacks and security vulnerabilities. Software Delivery Director Wojciech Kozak's latest article highlights the solutions, strategies and tools that companies can implement to ensure both digital and structural security. Click the link below to read more. 👉 https://lnkd.in/dFjvwfzV    #SecurityTools #DevSecOps #KubernetesSecurity #CyberArk #SoftwareMind 

31