With the outbreak of the pandemic, companies and institutions around the world have fallen prey to cybercriminals who have lured their victims through COVID-19. During the first four months of 2020, INTERPOL detected 907,000 cases of spam emails, 737 malware incidents, and 48,000 malicious URLs, all received by just one company, using coronavirus as bait.
There’s no denying it: ransomware is now big business. Entire supply chains exist where organized criminals specialize in one or more parts of the crime. The growing popularity of Ransomware-as-a-Service significantly lowers the technical bar of entry for cybercriminals. Some specializations include gaining access to credentials, penetrating hosts, identifying data, delivering encryption payloads, and accepting and distributing the ransom money.
In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.
According to Business Insider, 80% of people give up on their new year resolutions within the first 30 days. Don’t let your business and IT security goals fall into this trend, too! We’re now in February, but there’s still plenty of time to salvage your new-year goals, both your IT security and personal ones. The secret to falling into that successful 20% is to chart your resolution with clear plans on how to achieve it.
Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.
I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.
A recent survey conducted in 2021, states that approximately 64 percent of respondents listed data leakage or data loss as the most crucial cloud security concern. This makes selecting a cloud security solution an important decision that drives the scalability of the organization. As this may be a tricky business, we have brought to you a few considerations every CTO should take into account while selecting the cloud security solution.
Microservices architecture is a convenient way to silo different software services compared to traditional software architecture and design. However, with multiple microservices communicating amongst each other - the attack surface of the network is greatly increased. The security of such a system depends on the security of all the services. Any deviation in the system’s security ultimately undermines the integrity of the entire network.
