Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker.

The University of Rochester is a mid-sized school in New York State. It was founded in 1850 and has more than 12,000 students overall. The school maintains over 30,000 staff members overall and manages a large amount of data for all those individuals. Since data is largely digital today, the school is a major target for data breaches and identity theft. With breaches becoming so common today, it's not surprising the school suffered from a recent breach.

Enterprise software applications are sophisticated, incorporating various technologies and featuring complex integrations with third-party software applications and systems. Any security vulnerability in software components can bring severe consequences to the organization. That’s why it is critical to effectively manage application vulnerabilities. This article explores application vulnerability management, discussing its importance and best practices.

Patch management is the centralized control and automation of the patch deployment process — deploying patches — to multiple devices, operating systems, firmware, software and hardware endpoints in the IT network. But vulnerabilities are increasing at unseen rates. Over 65,000 new vulnerabilities in existing IT systems were discovered in 2022, which is a 21% increase from 2021. And that makes patch management all the more important.

We are excited to announce that Snyk Learn, our developer-first cybersecurity education platform, is now aligned with the National Institute of Standards and Technology's (NIST) National Initiative for Cybersecurity Education (NICE) Framework.

Modern applications are built, deployed and, run in increasingly complex and dynamic environments. Assessing and prioritizing the security issues introduced by these applications without taking this context into account inevitably leads to focusing remediation efforts on the wrong set of issues. This not only results in real risk slipping under the radar but also wastes the valuable time of developers, increasing their frustration and eroding their trust in security.

As we approach the second half of 2023, both security and development teams are seeing seismic shifts in the application security world. DevOps practices continue to evolve, meaning that developers are introducing code more and more rapidly, andwith the help of AI, developers of all kinds are able to create code faster than ever. Plus, apps aren’t just made up of first-party code and third-party dependencies anymore.