With the outbreak of the pandemic, companies and institutions around the world have fallen prey to cybercriminals who have lured their victims through COVID-19. During the first four months of 2020, INTERPOL detected 907,000 cases of spam emails, 737 malware incidents, and 48,000 malicious URLs, all received by just one company, using coronavirus as bait.
There’s no denying it: ransomware is now big business. Entire supply chains exist where organized criminals specialize in one or more parts of the crime. The growing popularity of Ransomware-as-a-Service significantly lowers the technical bar of entry for cybercriminals. Some specializations include gaining access to credentials, penetrating hosts, identifying data, delivering encryption payloads, and accepting and distributing the ransom money.
In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.
According to Business Insider, 80% of people give up on their new year resolutions within the first 30 days. Don’t let your business and IT security goals fall into this trend, too! We’re now in February, but there’s still plenty of time to salvage your new-year goals, both your IT security and personal ones. The secret to falling into that successful 20% is to chart your resolution with clear plans on how to achieve it.
Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.
Last week saw the European ports were hit by a cyberattack, authorities disclosed that this was a targeted attack against Belgium, Germany, and the Netherlands. These threat actors have hit multiple oil facilities in Belgium's ports, including Antwerp, which is the second biggest port in Europe after Rotterdam. Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.
I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.
