ASPM Zen
A biweekly newsletter powered by Cycode.

Volume 1, Issue 12

SECURITY ALERT: OpenSSH Vulnerability CVE-2024-6387

Just a few days ago, a critical security vulnerability was discovered in OpenSSH server. Identified as CVE-2024-6387, this vulnerability is estimated to affect 1 in 3 OpenSSH servers. Dubbed “RegreSSHion,” this vulnerability enables remote unauthenticated code execution, potentially allowing attackers to gain unauthorized access and control over affected systems.

Because the vulnerability is so widespread, it poses a significant threat to millions of systems globally. Organizations need to act quickly to ensure that every vulnerable OpenSSH server instance is updated to a secure version.

We recommend the following mitigation measures to protect against CVE-2024-6387:

  1. Monitor Systems: Implement ASPM processes for robust monitoring and detection of the OpenSSH servers in use across the organization. As we show below, this is done through extensive SBOM capabilities and code analysis capabilities from code to cloud.
  2. Update OpenSSH: The OpenSSH development team has released a patch addressing this issue. Users and administrators are strongly urged to update their OpenSSH server to version 9.8p1 or later. For more information, see OpenSSH security.
  3. Set LoginGraceTime to 0: If the OpenSSH server can’t be updated, an alternative mitigation is to set the “LoginGraceTime” configuration value to “0” in the OpenSSH config file and restart the “sshd” service. Setting this value can expose the server to denial of service but prevents the risk of remote code execution.
  4. Network Segmentation: Limit SSH access to trusted networks and users to reduce exposure.
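The following check script is an added example and is not code from Cycode or from the OpenSSH project. It takes the two technical mitigations above (upgrade to 9.8p1 or later, or set LoginGraceTime to 0) and turns them into a repeatable check over an `ssh -V` banner and an sshd_config file. It assumes keywords outside Match blocks and does not follow Include directives.

```shell
#!/bin/sh
# Added example (not from the newsletter): classify a host against the
# CVE-2024-6387 mitigations described above.

# Return 0 if the banner (e.g. "OpenSSH_9.6p1 Ubuntu-3ubuntu13") is 9.8 or newer,
# 1 if it is older, 2 if the banner is not recognised. The fix shipped in 9.8,
# so only major.minor matters (9.8p1 is the only portable 9.8 release).
openssh_is_patched() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}; minor=${ver#* }
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 8 ]; }
}

# Return 0 if the effective LoginGraceTime in the config file is 0.
# sshd honours the first occurrence of a keyword (case-insensitive); the
# default when absent is 120 seconds (2m). Assumption: no Match/Include.
login_grace_is_zero() {
    val=$(awk 'tolower($1) == "logingracetime" { print $2; exit }' "$1")
    val=${val%[sS]}                       # accept "0s" as well as "0"
    [ "${val:-120}" -eq 0 ] 2>/dev/null   # non-numeric like "2m" -> false
}

# Print "patched", "mitigated" (old version but LoginGraceTime 0: DoS risk
# only) or "vulnerable" for a banner and a config path.
regresshion_status() {
    if openssh_is_patched "$1"; then echo patched
    elif login_grace_is_zero "$2"; then echo mitigated
    else echo vulnerable; fi
}

# Stand-alone run over a constructed sample config (not a real host):
# the commented line is ignored and the first real keyword wins.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# LoginGraceTime 2m' 'Port 22' 'logingracetime 0' \
        'LoginGraceTime 2m' > "$cfg"
    regresshion_status "OpenSSH_9.6p1 Ubuntu-3ubuntu13" "$cfg"   # mitigated
    regresshion_status "OpenSSH_9.8p1" "$cfg"                    # patched
    rm -f "$cfg"
}
demo
```

On a live host, run `regresshion_status "$(ssh -V 2>&1)" /etc/ssh/sshd_config` (the banner goes to stderr); remember that a "mitigated" result still leaves the denial-of-service exposure the text mentions, so the update remains the real fix.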

To learn more about CVE-2024-6387, including steps you can take to eliminate this risk and how Cycode can automate this process, read our blog now.

Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report

We are excited to announce that Cycode has been recognized as a Sample Vendor for Software Supply Chain Security in the Gartner Hype Cycle for Platform Engineering, 2024 report. 

Gartner defines software supply chain security as, “the set of processes and tools used to curate, create and consume software in ways that mitigate attacks against software or its use as an attack vector. Curation focuses on assessing risks of third-party software and assessing its acceptability. Creation focuses on secure development and the protection of software through verification, provenance and traceability.”

We are grateful for this recognition from Gartner. We believe it acknowledges our contribution to innovating and advancing software supply chain security as part of our complete ASPM platform. To learn more about the report and this announcement, please read our blog now.

Code Resilience in the Age of ASPM Book and Virtual Event

Two weeks ago we launched our very own book, Code Resilience in the Age of ASPM. The book was conceptualized and developed in response to the rapid technological advances that are shifting how organizations approach cybersecurity: AI, pipeline hygiene, cloud-native development, open-source software, and much more. It is a great resource for any security professional looking to make a meaningful impact on their organization's risk.

This book contains interviews with 20 leading CISOs, security professionals, and DevSecOps practitioners. Our expert contributors are industry leaders from global enterprise companies like Cisco Meraki, TikTok, Atlassian, HPE, the NFL, and more.

The book was such a success that we decided to host a virtual event with some of our key contributors.

On July 18, 2024 at 11AM ET | 8AM PT, we are hosting a virtual extravaganza: A Discussion on the Future of Code Resilience with the World’s Top CISOs.

This must-attend event has an all-star lineup and will pack the punches when it comes to AppSec insights. Our experts will discuss:

  • CISO-tested frameworks on code security from some of the world’s most complex organizations 
  • Unfiltered insights and advice on balancing speed, innovation, developer productivity and compliance with application security
  • Their personal view of the future, including predictions for how code security is evolving and strategies for the threats of tomorrow

Note: We do have a very limited stash of hard cover editions of our book available to the first 30 registrants, but you must register now to request your copy.

Black Hat USA

We’re midway through July, which means that Black Hat USA is almost here! We love meeting up in person and we’d love to show you how our Complete ASPM can bring you Peace of Mind.

Here are all the ways you can meet up with us in real life!

  • Stop by booth #3008 for a cool, refreshing treat that you can enjoy in our Zen Zone
  • See a demo of Cycode's Complete ASPM with one of our experts
  • Meet with our executives Lior Levy, Ronen Slavin, Seth Robbins, and Ronen Shetelboim in our private suite
  • Join our ASPM Book & Breakfast: Coffee Talk with Authors and receive a free copy of our "Code Resilience in the Age of ASPM" book
  • Schedule meetups with the team outside of the exhibit hall

Click here for more information!

Gartner Peer Insights: A Great ASPM Tool

Gartner Peer Insights is a great resource when shopping for new software solutions like a Complete ASPM platform. Gartner Peer Insights allows users to give their unfiltered opinion on the software they use every day. It is a great resource for anyone who wants to get the inside scoop on different tech from the people who know it best.

Did you know that Cycode is the leading ASPM vendor on Gartner Peer Insights?

Our customers have said we deliver “an impressive array of different features for DevSecOps and security scanning.” We also get top marks for responsiveness. “Compared to other vendors I've found Cycode to be honest and quick to respond, which is refreshing.” We are proud to “close gaps and improve our [customers’] security posture.” Finally, if you’re looking for a complete solution, Cycode is an “intuitive, easy to use, single source of truth ASPM platform.”

Gartner Peer Insights Review of Cycode.

AppSec Secrets Webinar Series on Demand

AppSec Secrets Webinar Series.

Did you miss our latest webinar, “CISOs Guide to Cyber Resiliency: Security, Speed & Innovation with ASPM”? Never fear. You can watch all our webinars on demand!

From the State of ASPM to pipeline security to secrets in code, we are here to keep you informed on the latest advancements in AppSec. Watch our full video series here at AppSec Secrets.

Additional Resources

Interested in learning more? We have a lot of ASPM related resources. Check them out: 

Subscribe Today

Subscribe to our newsletter today and follow us on LinkedIn to be the first to receive ASPM-related insights and upcoming research straight to your inbox. By subscribing, you’ll gain insider knowledge on ASPM and the latest developer security trends to ensure you are always up to date on how to effectively reduce your organization’s AppSec risk. 
