CIS Control 9: Email and Web Browser Protections
The Center for Internet Security (CIS) publishes Critical Security Controls that help organizations improve cybersecurity. CIS Control 9 covers protections for email and web browsers.
As more businesses move toward cloud-based operations and embrace digital transformation, security is becoming an increasingly important question. As an enterprise migrates to the cloud, its assets and data resources need to be migrated as well, and that might expose sensitive information.
The technical infrastructure of video games requires a significant level of access to private data, whether through client-server side interactions or financial data. This has led to what Computer Weekly describes as a ‘relentless’ attack on the video game industry, with attacks against game hosts and customer credentials rising 224% in 2021.
In this blog post we're excited to announce Machine ID, an easy way for developers to secure machine-to-machine communications based on X.509 and SSH certificates. But before we go deeper, let’s step back and think about what’s happening during a hacking attempt. Every security breach has two things in common. Addressing cybersecurity challenges requires a solution to both.
Every employee is hired to do a job, but every employee also represents potential risk to their company. In the past year, 68% of employers have noted an increase in insider attacks. The top attacks include fraud, monetary gain and IP theft and cost companies millions of dollars. One major reason for an increase in insider risk in the past year is remote work. Not only are people outside of their manager’s physical view, they are often working outside of their company’s network.
Ransomware has dominated the headlines the last couple of years. But it might surprise you to hear that another scourge—business email compromise (BEC)—accounted for 49 times more in losses in 2021. As reported in the FBI’s latest Internet Crime Report, BEC cost organizations and individuals $2.4 billion versus $49.2 million for ransomware. In fact, more than a third of total cybercrime last year can be attributed to BEC.
A new cloud phishing campaign is abusing Microsoft Azure’s Static Web Apps service to steal credentials from multiple services including Microsoft 365, Outlook, and Yahoo Mail.
We’re happy to announce the general availability of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source library dependencies.
With more than 38 percent of our customers impacted by the recently discovered Spring4Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all of their vulnerable libraries, I have been involved in many conversations over this incident.