Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Eight Considerations for Thwarting Malicious Packages

We’re currently seeing a concerted effort from malicious actors to attack the supply chain through intentionally malicious packages. Our recent research shows a 315 percent rise in the publication of malicious packages to open source registries such as npm and RubyGems between 2021 and the end of Q3 2022; about 85 percent of those packages stole credentials. This trend requires an urgent shift from detection to prevention.

Malicious Packages Special Report Overview

Malicious Packages: A Growing Threat to the Software Supply Chain

The global economy runs on software applications, and their function and security are critical to every company’s success. Many applications have exploitable vulnerabilities that modern defenders struggle to effectively detect and remediate. In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages.

Introducing Infra as Code Security in The GitGuardian Platform

We are proud to introduce Infra as Code Security in The GitGuardian Platform. GitGuardian can now automatically scan connected GitHub or GitLab repositories for IaC template files like Terraform and CloudFormation and alert you about any misconfigurations affecting your AWS, Azure, and GCP deployments, your Kubernetes clusters, and Docker containers.

Protecting your Windows Fleet with Zero Trust

In today's increasingly remote-first business landscape, secure and efficient access to Windows desktops and servers has become more crucial than ever. Join us in this illuminating webinar as we navigate the evolving patterns and practices of remote access, and how to optimally safeguard your Windows Servers. We will spotlight common access patterns, detailing the do's and don'ts for ensuring secure access.

Kubelet vulnerabilities on Windows nodes: CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Recently, the Kubernetes Security Response Committee disclosed three interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes CSI proxy. These vulnerabilities pose a significant risk, allowing even users with limited permissions to escalate their privileges to administrator level on affected nodes.

Protecting And Recovering Cloud Load Balancers

Unlike other cloud providers that offer their own closed source backup services, AWS EKS simply recommends using the open source tool Velero. However, as one of the first companies to fully integrate with AWS EKS, CloudCasa saw a gap in the market, enabling users to still leverage the power of open source with Velero while offering a SaaS management solution for enterprises that aimed to simplify the backup process.

Securing Kubernetes in multi-cloud environments: challenges and best practices

Kubernetes has become the de facto platform for orchestrating containerized applications at scale in today’s IT landscape. Its ability to run on various platforms including on-premises, public cloud, and hybrid has made it an essential tool for many organizations. This is particularly true for companies following a multi-cloud strategy, relying on more than one vendor for their cloud computing needs.