There’s no denying it: ransomware is now big business. Entire supply chains exist where organized criminals specialize in one or more parts of the crime. The growing popularity of Ransomware-as-a-Service significantly lowers the technical bar of entry for cybercriminals. Some specializations include gaining access to credentials, penetrating hosts, identifying data, delivering encryption payloads, and accepting and distributing the ransom money.
In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline compliance and accelerate releases with confidence.
According to Business Insider, 80% of people give up on their new year resolutions within the first 30 days. Don’t let your business and IT security goals fall into this trend, too! We’re now in February, but there’s still plenty of time to salvage your new-year goals, both your IT security and personal ones. The secret to falling into that successful 20% is to chart your resolution with clear plans on how to achieve it.
Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.
Last week saw the European ports were hit by a cyberattack, authorities disclosed that this was a targeted attack against Belgium, Germany, and the Netherlands. These threat actors have hit multiple oil facilities in Belgium's ports, including Antwerp, which is the second biggest port in Europe after Rotterdam. Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.
I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.
A recent survey conducted in 2021, states that approximately 64 percent of respondents listed data leakage or data loss as the most crucial cloud security concern. This makes selecting a cloud security solution an important decision that drives the scalability of the organization. As this may be a tricky business, we have brought to you a few considerations every CTO should take into account while selecting the cloud security solution.
Microservices architecture is a convenient way to silo different software services compared to traditional software architecture and design. However, with multiple microservices communicating amongst each other - the attack surface of the network is greatly increased. The security of such a system depends on the security of all the services. Any deviation in the system’s security ultimately undermines the integrity of the entire network.
For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2021 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2020, adversaries refined their tradecraft to become even more sophisticated and brazen. The result was a series of high-profile attacks that rocked many organizations and, on their own, represented watershed moments in cybersecurity.
