Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.

On November 12th, 2024, at the Pavilion Hotel in Kuala Lumpur, Snyk’s Field CTO, Pas Apicella, delivered an insightful presentation at the Digital Banking Asia Summit 2024 in Malaysia. Titled, ‘Securing the Digital Future: Best Practices for Application Security in Digital Banking’, his talk focused on actionable strategies to address pressing challenges in the financial services industry.

SAQ A-EP is a key focus of the Payment Card Industry Data Security Standard (PCI DSS) version 4, which introduces changes affecting merchants. Designed for e-commerce merchants who partially outsource their payment processing but have website elements impacting transaction security, SAQ A-EP ensures compliance with these updated requirements. This article clarifies these changes and outlines the top 5 actions SAQ A-EP merchants should take before March 31, 2025.

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202% increase during the same period. “Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write. “Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month.

In today’s rapidly evolving cybersecurity landscape, businesses face an ever-growing number of threats. From sophisticated malware attacks to data breaches, staying ahead of cybercriminals can feel like a daunting task. One essential tool in defending your organization is a Security Information and Event Management (SIEM) system.

In this blog post, we will introduce the concept of behavioral Cloud Application Detection & Response (CADR). In case this is the first time you have heard of CADR, we’ll start by explaining that concept and explain why it’s essential for protecting modern applications. Let’s go.

In August 2022, LastPass suffered a data breach with escalating impact, ultimately resulting in a mass user exodus toward alternative password manager solutions. This post provides an overview of the timeline of events during the LastPass cyber attack and critical lessons to help you avoid suffering a similar fate. Learn how UpGuard streamlines Vendor Risk Management >

It only takes seconds for a normal workday to turn disastrous. No matter what industry you’re in, handling your IT obligations is crucial. A single data breach costs an average of $4.5 million to overcome. Many people choose to outsource these responsibilities, but not everyone knows how to find the right provider. This is especially true when looking for an MSSP vs MSP. Knowing the difference can help you make the best decision for your IT operations and overall business security.

If you thought PCI DSS 4.0.1 was just a minor tweak to the old requirements, think again. 2025 is here, and it’s clear that many SAQ A-EP merchants are still missing critical steps needed to stay compliant. In fact, we noticed that over 90% of SAQ A-EP merchants aren’t aware that they need to implement new technical measures to address Requirements 6.4.3 and 11.6.1.