Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution

A popular open source framework with roughly 28 million downloads has been hit by a malicious version that masquerades as the real thing but in fact gives hackers a back door into applications. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to move off the compromised release (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability is serious — hackers […]

The post Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution appeared first on CyberScoop.
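The practical question the advisory raises is whether any of your services resolve bootstrap-sass to the compromised release. The following check, added here as an example and not code from Snyk, CyberScoop or the bootstrap-sass project, parses the `specs:` sections of a Gemfile.lock and flags any gem pinned to a version on a known-bad list. The sample lock file and the `KNOWN_BAD` table are constructed for the demo; the only real entry is the 3.2.0.3 version named above.

```python
import re

# Constructed sample Gemfile.lock (not taken from any real project).
SAMPLE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    autoprefixer-rails (9.5.1)
      execjs
    bootstrap-sass (3.2.0.3)
      autoprefixer-rails (>= 5.2.1)
      sass (>= 3.3.4)
    sass (3.7.4)

PLATFORMS
  ruby

DEPENDENCIES
  bootstrap-sass (~> 3.2)
"""

# Releases to flag. 3.2.0.3 is the compromised bootstrap-sass version named
# in the advisory; the table shape is an assumption of this example.
KNOWN_BAD = {"bootstrap-sass": {"3.2.0.3"}}

# A resolved gem line sits at exactly four spaces: "    name (version)".
# Its dependencies sit at six spaces and therefore do not match.
SPEC_LINE = re.compile(r"^ {4}(\S+) \(([^)]+)\)\s*$")


def locked_specs(lock_text: str) -> dict:
    """Return {gem_name: resolved_version} from every specs: section."""
    specs = {}
    in_specs = False
    for line in lock_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):        # GEM / PLATFORMS / DEPENDENCIES
            in_specs = False
            continue
        if line.strip() == "specs:":
            in_specs = True
            continue
        m = SPEC_LINE.match(line)
        if in_specs and m:
            specs[m.group(1)] = m.group(2)
    return specs


def flagged_gems(lock_text: str, known_bad=KNOWN_BAD) -> list:
    """Return sorted (name, version) pairs whose locked version is known bad.

    The comparison is on the exact version string the lock records, which is
    what `bundle install` would fetch for this project.
    """
    return sorted(
        (name, ver)
        for name, ver in locked_specs(lock_text).items()
        if ver in known_bad.get(name, ())
    )


if __name__ == "__main__":
    for name, ver in flagged_gems(SAMPLE_LOCK):
        print(f"FLAGGED: {name} {ver}")
```

Run it over every Gemfile.lock in your repositories; a lock tells you what a fresh `bundle install` would fetch, so also confirm what is actually installed on running hosts (for example with `gem list bootstrap-sass`) before declaring a service clean.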

Snyk gets $22 million for platform that tracks security flaws in open source projects

Snyk, a startup that aims to make the use of open-source code libraries more secure, announced Tuesday that it raised $22 million in its Series B investment round. The company has a security research team that maintains a database of vulnerabilities found in open source libraries, as well as their patches. Customers using Snyk can be alerted to security flaws in the code they’re using and fix them. Snyk says it’s continuously protecting more than 140,000 projects, which account for about 580,000 vulnerabilities every month. Snyk watches code repositories on platforms like GitHub, Bitbucket and GitLab. In June, the company also announced a container vulnerability management service, entering a field where other startups are trying to specialize. With offices in London, Tel Aviv and Boston, Snyk (pronounced “snick”) boasts “over 200 large enterprise customers” and claims that its revenue has grown by a factor of five in nine months. The company says […]

The post Snyk gets $22 million for platform that tracks security flaws in open source projects appeared first on Cyberscoop.

Snyk raises $22M on a $100M valuation to detect security vulnerabilities in open source code

Open source software is now a $14 billion+ market and growing fast, in use in one way or another in 95 percent of all enterprises. But that expansion comes with a shadow: open source components can come with vulnerabilities, and so their widespread use in apps becomes a liability to a company’s cybersecurity. Now, a […]

Zip Slip Flaw Affects Thousands of Open-Source Projects

A directory-traversal flaw in archive-extraction code lets attackers craft an archive whose entry names (for example, ones containing `../`) escape the extraction directory and overwrite arbitrary files with attacker-controlled content, and from there pivot to remote command execution on the machine.
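To make the flaw concrete, here is an added example, not code from the Threatpost article or from Snyk's disclosure, of the extraction pattern Zip Slip abuses alongside a hardened version. The archive and its `../../outside.txt` entry are constructed for the demo. The vulnerable loop is written by hand because Python's own `ZipFile.extractall` already strips parent-directory components; the hand-rolled loop mirrors the extractors that were actually affected, which joined the entry name onto the destination and wrote.

```python
import io
import os
import shutil
import tempfile
import zipfile


# Constructed sample archive (not from any real exploit): one benign entry
# plus, optionally, a Zip Slip payload whose name walks out of the
# extraction directory. The name "../../outside.txt" is a demo assumption.
def build_archive(with_payload: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        if with_payload:
            zf.writestr("../../outside.txt", "overwritten by archive\n")
    return buf.getvalue()


def unsafe_extract(zip_bytes: bytes, dest: str) -> list:
    """Hand-rolled extractor of the kind Zip Slip hit: it trusts entry names."""
    os.makedirs(dest, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)   # no traversal check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written


def is_within(dest: str, target: str) -> bool:
    """True if target resolves to dest itself or to a path beneath it."""
    dest_real = os.path.realpath(dest)
    target_real = os.path.realpath(target)
    return os.path.commonpath([dest_real, target_real]) == dest_real


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry name before writing anything, then extract."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        for info in infos:
            candidate = os.path.join(dest, info.filename)
            # Absolute names replace dest entirely in os.path.join; names
            # containing ".." resolve outside it. Both are rejected up front.
            if os.path.isabs(info.filename) or not is_within(dest, candidate):
                raise ValueError(f"Zip Slip entry rejected: {info.filename!r}")
        os.makedirs(dest, exist_ok=True)
        written = []
        for info in infos:
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written


def demo() -> dict:
    """Run both extractors against the payload inside a throwaway tree."""
    payload = build_archive(with_payload=True)
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b", "extract")
        escaped = os.path.join(root, "a", "outside.txt")   # where ../../ lands

        unsafe_extract(payload, dest)
        unsafe_escaped = os.path.isfile(escaped)

        shutil.rmtree(os.path.join(root, "a"))              # reset the tree
        try:
            safe_extract(payload, dest)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        safe_escaped = os.path.isfile(escaped)
        safe_wrote = os.path.exists(dest)                    # nothing written

        clean_files = len(safe_extract(build_archive(with_payload=False), dest))
    return {
        "unsafe_escaped": unsafe_escaped,
        "safe_rejected": safe_rejected,
        "safe_escaped": safe_escaped,
        "safe_wrote": safe_wrote,
        "clean_files": clean_files,
    }


if __name__ == "__main__":
    print(demo())
```

The check resolves both sides with `realpath` and compares with `commonpath`, which also catches the `/out` versus `/outside` prefix trick that a naive `startswith` misses. Validating the whole entry list before the first write keeps a partially extracted tree from appearing when a later entry is malicious. The same rule applies to tar archives, where symlink and hard-link members need the same treatment; on Python 3.12 and later `tarfile` provides extraction filters (`filter="data"`) for exactly this.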

Open source security platform Snyk raises $7 million in Series A funding round

Snyk, a London-based startup that provides security for open source libraries, has raised $7 million in its Series A funding round, the company announced on Tuesday. The company bills itself as a “developer-first security solution that helps you use open source code and stay secure.” Snyk runs a vulnerability database that it uses to protect its customers who use open source code. “Security controls must adapt to the new pace open source and cloud dictate. Failing to do so is what led to the recent breaches at Equifax, Uber, and the Tesla cloud breach. We’re relying on strangers’ code to run the most sensitive aspect of our business, and do so at neck-breaking speed,” said Guy Podjarny, Snyk’s CEO and co-founder. “Traditional security solutions simply cannot keep up.” Snyk says it will use the new funding to “deploy additional product offerings that improve the secure usage of open source for developers.” […]

The post Open source security platform Snyk raises $7 million in Series A funding round appeared first on Cyberscoop.