Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A list of 18 procedures (reduced from 20), or “controls,” recommended by the Center for Internet Security (CIS), must be followed to build an IT infrastructure resistant to cyberattacks. The CIS 4th Control advises to establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications) (4.1).

Small business owners often have to wear many hats to keep their businesses up and running. As these businesses move forward and grow in size, not only do the responsibilities build up, but so does the risk of cybercrime. For small businesses, a password manager is essential as it guarantees secure password sharing, simplifies onboarding and offboarding employees and more.

With over 90 thousand different state and local governments across the U.S., creating a unified approach to cybersecurity and defending all of these counties, cities, territories, states, and commonwealths is not only in each of their interests, but the national interest as well.

Cyberattacks consistently hit the headlines throughout the year, and they aren’t expected to slow down any time soon. While the intensity and impact change from one attack to the other, there are always a few that rank the highest in terms of size. We looked at the five biggest cyberattacks of 2022 and how they influenced users around the globe.

The customer experience at the world’s biggest banks and fintech firms is undergoing a significant change. Because of technological advancements, account users may now not only transfer money online but also log in using Identity Verification using face match technology and do a variety of operations using simply their smartphone and its front camera. Technology in this area has made things faster, easier, and safer during the last decade.

The popularity of serverless architectures continues to grow as organizations seek ease of scalability and to eliminate the need to provision and manage infrastructure. In fact, in our most recent State of Serverless report, we found that more than half of our customers have adopted serverless technologies offered by Azure, Google Cloud, and AWS.

At this year’s AWS re:Invent conference, Snyk’s VP of Product Marketing, Ravi Maira, spoke with Omar Peerzada, Cyber Security Architect at Neiman Marcus, about how his team transitioned from older security practices to a developer-first security strategy. Watch the full talk now, or keep reading for the highlights.

That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their connected assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.

On the 12th of December 2022, Fortinet published an advisory regarding an actively exploited remote code execution vulnerability affecting FortiOS through the SSL VPN service. Fortinet has stated that they are aware of at least one instance where this vulnerability was successfully exploited in the wild, though other undocumented cases may exist. The threat actors leveraged the vulnerability to deploy malicious files on the filesystem of affected devices.

In recent times it has become clear to organizations that the handling of data is a very important matter, as the exposure or misuse of data are both a serious threat to an organization's financial standing and reputation, and must be accounted for in each organization's risk posture. In terms of high-profile data breaches, this year has been no different than previous years, seeing its fair share of ransomware attacks and data exposure.