As businesses and health organizations seek to strengthen cybersecurity, they’re turning frequently to compliance frameworks to help prioritize, guide, and improve decision-making and implementation. Two of the more popular compliance frameworks are the NIST CSF and the ISO 27001. For IT teams seeking to better understand the difference between these frameworks, as well as which is the ideal tool for their business, here’s what to know.
There’s no denying it: ransomware is now big business. Entire supply chains exist where organized criminals specialize in one or more parts of the crime. The growing popularity of Ransomware-as-a-Service significantly lowers the technical bar of entry for cybercriminals. Some specializations include gaining access to credentials, penetrating hosts, identifying data, delivering encryption payloads, and accepting and distributing the ransom money.
It's somehow fitting that Groundhog Day and tax scam season overlap. Much like the 1993 Bill Murray film where he repeatedly experienced the same day, tax season scammers come out of their hole every year at the same time and tend to use the same attack methods against organizations and regular taxpayers. These scammers stick to these tried-and-true methods because they still work.
Today, we’re excited to announce a partnership with Sysdig to provide container and Kubernetes security together — from code to cluster. Together, Snyk and Sysdig can help developers secure code and containers in development, protect the runtime Kubernetes environment, and deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities.
With the outbreak of the pandemic, companies and institutions around the world have fallen prey to cybercriminals who have lured their victims through COVID-19. During the first four months of 2020, INTERPOL detected 907,000 cases of spam emails, 737 malware incidents, and 48,000 malicious URLs, all received by just one company, using coronavirus as bait.
In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.
Everybody’s talking about securing the DevOps pipeline and shifting security left.. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox.
