The latest video in our Snyk Partner Speak Series showcases how Snyk and Dynatrace bring complementary capabilities to different parts of the DevSecOps lifecycle. Check it out and learn how the integration enables organizations to observe, investigate, fix, and govern with a single solution. The Snyk DevSecOps Lifecycle Coverage App is the newest milestone in the Snyk and Dynatrace strategic alliance.
In a climate where companies largely gain attention only when something negative happens, it’s time to celebrate and recognize the companies who are best in class when it comes to cybersecurity. That’s why we applaud Forbes’ decision to produce the industry’s first list of America’s Most Cybersecure Companies. These companies illuminate how cybersecurity is being taken seriously as a core business issue.
While some of the obvious misuse of ChatGPT in the world of cyber security was not unexpected – asking the artificial intelligence to write harder-to-detect malware and easier-to-convince phishing emails – a new threat has emerged that can leverage the very nature of the large language model. Ultimately, ChatGPT is a learning machine, and bases its answers on information it sources from the Internet.
When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking private information. It’s for good reason that this is top-of-mind. The Identity Theft Resource Center’s 2022 Consumer Impact Report revealed that social media account takeovers have grown by 1,000% in one year.
Box is a content cloud that helps organizations securely manage their entire content lifecycle from anywhere in the world, powering over 67% of Fortune 500 businesses. As a cloud-first SaaS, the company provides customers with an all-in-one content solution within a highly secure infrastructure, where organizations can work on any content, from projects and contracts to Federal Risk and Authorization Management Program (FedRAMP)-related content.
Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor.
On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
The GNU General Public License (GPL) is one of the most widely used open source software licenses. It was created by the Free Software Foundation (FSF) to protect the GNU’s software from being made proprietary. The GPL emphasizes the principles of software freedom and promotes the sharing of knowledge and collaboration. It is a copyleft license that requires any modified versions or derivative works to be licensed under the GPL.
NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).
