Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloud Threats Memo: Manage Your Leaky Public Cloud Misconfigurations

A new day, a new wave of S3 leaks… Cloud misconfigurations continue to be a major concern for organizations and a constant source of data leaks. A recent report by IBM has revealed that misconfigurations are behind two-thirds of cloud security incidents.

Introducing the Security Visionaries Podcast

I am often asked what has changed and what will need to change most about cybersecurity in the next few years, especially as we come out the other side of a global pandemic that upended all kinds of plans. But let’s start by level-setting: the grand strategy for security—protect data—hasn’t changed. It’s the tactics that have changed, and more importantly, must continue to change.

Snyk joins OpenSSF: Tackling open source supply chain security with a developer-first approach

I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.

Securing S3 bucket configuration and access with Snyk & Solvo

Solvo is empowering developers and DevOps engineers by enabling them to run their cloud infrastructure with least privilege access, at speed and scale. In this article, we’ll go through a workflow combining Solvo’s automatic platform with Snyk Infrastructure as Code (Snyk IaC) to create customized and secured access from a Lambda function to an AWS S3 bucket. This blog was originally posted on the Solvo website.

8 Different Ways to Bypass SSL Pinning in iOS application

SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime. If there is a mismatch between the server and the local copy of certificates, the connection will simply be disrupted, and no further user data will be even sent to that server.

What is Open Source Intelligence?

Open source intelligence (OSINT) is the process of identifying, harvesting, processing, analyzing, and reporting data obtained from publicly available sources for intelligence purposes. Open source intelligence analysts use specialized methods to explore the diverse landscape of open source intelligence and pinpoint any data that meets their objectives. OSINT analysts regularly discover information that is not broadly known to be accessible to the public.

Ask SME Anything: What's the difference between Zero Trust and ZTNA?

Zero Trust and Zero Trust Network Access (ZTNA) are often mixed up. In this Ask SME (Subject Matter Expert) Anything Video, Netskope’s Jin Daikoku walks through how Zero Trust, as a principle, can guide your security strategy, and how a ZTNA solution fits under this principle to help enable your users and secure internal resources.

Embracing Developer-First Practices for the Cloud Era with Snyk Founder and President Guy Podjarny

In this video, Guy Podjarny, Founder of Snyk discussed the importance of embracing developer-first practices for the cloud era. Guy also shared Snyk's unshakeable dedication to developer and security teams as well as its original vision.

Finding Patterns in the Chaos With User and Entity Behavior Analytics (UEBA)

There’s a great scene in the 1997 film “Contact” where the protagonist Dr. Eleanor Arroway, played by Jodie Foster, is informed that her lab’s funding has just been revoked. Arroway’s lab partner explained that the government lost faith in the project due to concerns of her engaging in questionable activities, such as watching static on TV for hours.