Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are excited to announce that Nightfall DLP for GitHub now has two plans available: Pro and Enterprise. Both plans allow you to discover, classify and protect sensitive information in any GitHub organization by actively scanning your codebase for secrets, credentials, PII, and other business-critical data to notify you of data policy violations. The Enterprise plan provides the additional ability to scan the commit history of any repo within your GitHub org.

As you may have heard, a massive breach of Microsoft Exchange servers was revealed in the last several weeks. The attack is not over yet. We can always wait for another attack and blame another vendor, but when it comes to Microsoft, well, who can we rely on after that? SolarWinds, Centreon and now Microsoft Exchange… With almost 80% enterprise market share, the Exchange holds the biggest secrets of our times, and now nobody knows where they went.

Cyber-attacks are commonly viewed as one of the most severe risks to worldwide security. Cyber-attacks are not the same as they were five years back in aspects of availability and efficiency. Improved technology and more efficient offensive techniques provide the opportunity for cybercriminals to initiate attacks on a vast scale with a higher effect. Intruders employ new methods and launch more comprehensive strategies based on AI to compromise systems.

The Cyber kill chain, also called CKC, is a phase based cybersecurity model developed by Lockheed Martin. It is co-opted from the military term ‘kill-chain’ used to break down the structure of an attack. The team developed the model to help security teams understand with break down of an externally originated attack into seven different steps. It helps teams to learn how cyber attacks work and help prepare the defensive controls of an organisation.

We’re pleased to announce support for viewing all of your Snyk Infrastructure as Code (Snyk IaC) configuration issues in the reporting functionality of the Snyk platform.

A managed cloud service handles the complexity of cloud-based IT infrastructure so that in-house teams can continue working towards their business goals. Businesses looking to scale their operations need increasingly sophisticated IT environments. Cloud computing allows teams to do exactly that, yet a decision still needs to be made over who manages the cloud environment; managed cloud service providers fill this gap.

The personal information of over 500 million Facebook users has been published on a hacker forum on the dark web. To put the impact into perspective, in 2019, the population of the entire United States was 328.2 million. This data was stolen in 2019 after a vulnerability in Facebook’s ‘Add Friend” function was exploited.

Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located. Fortunately, there are tools that can assist with reaching your asset management goals. While Tripwire Enterprise (TE) is great for detecting unauthorized changes on your system and also for ensuring your systems are hardened (as well as stay hardened), you must first get a handle on managing the assets that you’re monitoring.

Since the release of CVE-2020-8554 on GitHub this past December, the vulnerability has received widespread attention from industry media and the cloud security community. This man-in-the-middle (MITM) vulnerability affects Kubernetes pods and underlying hosts, and all Kubernetes versions—including future releases—are vulnerable. Despite this, there is currently no patch for the issue.