Every organization runs at different levels of acceptable risk. When a SIEM rule generates an alert one company might deem it a critical risk while another will shrug it off as business as usual. Knowing how your organization runs and understanding your security posture can bring you improved cyber situational awareness.

New threats arise every day, and malicious actors move faster than ever before. Staying ahead of attacks requires cybersecurity teams to be armed with continuously updated intelligence, and empowered to move at machine speed in response to new threats.

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

Easily control who can provision and access your critical AWS resources while improving security and compliance. Watch this webinar as Allen Vailliencourt from Teleport discusses how to.

In this video, we'll look at how to connect Teleport to Microsoft SQL Server with Active Directory authentication. We'll also be exploring Teleport's RBAC system, Audit logs, as well as how to connect a GUI like Azure Data Studio, SSMS, or Datagrip to our database via Teleport. Some of the mentioned resources may already be set up or active in your environment. If so, feel free to utilize the timestamps below to maximize your situation.

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VOIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems. Over the last quarter, the group has primarily targeted small and medium businesses (SMBs) located in the United States, with outliers in China and Mexico.

Writing riskless code is challenging, and the cost of deploying vulnerable code can be extremely high. But detecting issues before they hit production can reduce costs and user pain. Both Snyk and Codecov work to help developers catch issues in your codebase before they become problems. Join members from Snyk and Codecov going over everything you need to know to understand how to de-risk code.

As globalization takes shape and government regulations defy borders, the issue of compliance risk remains a top-level business issue. Growing concerns over consumer privacy and data security have prompted a rush of legislation intended at holding corporations more accountable for maintaining and sharing the information they collect about consumers.