Syndicated Blog

Deepfactor
Deepfactor.io – Developer Security Platform

New Zenbleed Vulnerability: What It Is, How to Fix It

Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers). The ...

Digging Into An Interesting New CVE

CVE-2023-38408, discovered by the Qualys Threat Research Unit (TRU), describes an RCE (remote code execution) vulnerability made possible by an unwanted interaction between OpenSSH’s ssh-agent executable, the dlopen() and dlclose() functions used ...

SBOM Executive Order: Ready for the June 11th deadline?

In preparation for the June 11th deadline of President Biden’s Executive Order (EO) on Improving the Nation’s Cybersecurity, Deepfactor has focused on educating customers about the importance of accurately and systematically documenting ...

SBOM Security in 2023: Top 5 things you must know as a cybersecurity professional

Modern applications rely on open source and third-party software for a majority of their code base. Many of those software building blocks come with vulnerabilities and license risks that organizations must manage ...

Deepfactor 3.2 Adds SBOM and Runtime Correlation for SCA To Help Customers Improve Supply Chain Security

With the June 2023 Supply Chain Security executive order looming, Deepfactor 3.2 introduces important SCA, SBOM, and runtime security enhancements designed to help customers reduce risk, improve supply chain security, and comply ...

Recognizing Patterns in Cloud Native Application Security

From Kubernetes Security to Cloud Native Application Security

Recently, we partnered with DZone and Yitaek Hwang to publish the Kubernetes Security Essentials Refcard. Our objective was to help engineering teams understand how ...

5 Ways to Help Engineering Teams Integrate Security into Development Pipelines

In the past couple of years in my technical product role here at Deepfactor, I have had several meetings with VPs and directors of security from large, global organizations in retail, healthcare, ...

Learn How to Evaluate Developer Security Platforms

When Deepfactor was launched in September 2020, the market was [being] upended by technical innovations in containerization (i.e. K8s), software delivery (i.e. CI/CD), and security (i.e. more on that below). These trends ...

OpenSSL 3.0.x Vulnerability: Remote Code Execution (CVE-2022-3602, CVE-2022-3786)

By Guest Author Teja Myneedu, Director—Product Security Engineering and Research, TripActions

OpenSSL is a commonly used cryptographic toolkit widely used for SSL/TLS across web-based applications. The OpenSSL project routinely releases bug fixes and ...

How to Protect Yourself Against the Text4Shell Security Vulnerability

By Guest Author Teja Myneedu, Director—Product Security Engineering and Research, TripActions

Following the Log4Shell exploit discovered in Java logging library Log4j in December 2021, it is the latest trend to sensationalize all ...