Open Policy Agent, or OPA, has emerged as an industry standard for cloud-native authorization and policy as code. From 2018 to now, it has grown from being a Cloud Native Computing Foundation (CNCF) sandbox project into a fully mature, graduated CNCF project, deployed by many of the largest organizations in the world. (For just the tip of the iceberg, here is a list of users who have made their adoption of OPA public).

This is the first Feature Byte in the AIOps series. The idea of the Feature Byte series is to talk about key operational tasks and processes in AIOps, and how CloudFabrix Data-Centric AIOps platform features help implement such tasks. Look for more such feature bytes over the next few weeks.

Snyk security researchers continually monitor open source ecosystems for malicious packages, utilizing static analysis techniques to identify and flag suspicious packages. Each malicious package is identified upon publication to the package manager and swiftly added to the Snyk Vulnerability Database. During recent research, the team found 12 unique pieces of malware belonging to the same actor.

Let us start by defining Penetration Testing as a Service (also known as PTaaS) because there are several different definitions and variations being used throughout the industry. Some of the similarities include: This is where AT&T starts to differentiate itself from competitors. This next part we believe to be critical: There is a misconception about Penetration Testing as a Service, that it devalues the quality of testing.

CrowdStrike is proud to receive Frost & Sullivan’s 2022 Global Technology Innovation Leadership Award in the endpoint security sector. This recognition reflects CrowdStrike’s continued investment to drive innovation and deliver more value to its customers through its industry-leading Falcon platform.

Security researchers at Feroot are warning application security professionals of the client-side security risk associated with unprotected cookie structures. Because cookies are so ubiquitous with all website types—from e-commerce and banking to social networks and SaaS applications—organizations need to be aware of the privacy and data exploitation risks associated with poor cookie security.

Malware attacks are escalating. For example, there were 57 million IoT malware attacks in the first half of 2022, a staggering 77% increase year to date. Unfortunately, traditional signature-based antivirus and sand-boxing technologies are insufficient against today’s sophisticated attacks. In particular, advanced persistent threat (APT) viruses, Trojan malware and zero-day malware often evade these defenses.

A port can be defined as a communication channel between two devices in computer networking. So, are there any security risks connected to them? An unwanted open port can be unsafe for your network. Open ports can provide threat actors access to your information technology (IT) environment if not sufficiently protected or configured correctly. Case in point: in 2017, cybercriminals exploited port 445 to spread WannaCry ransomware.

There’s a glimmer of good news amid the ever-evolving IT threat landscape – although it’s come about as a result of worrying illegal activity. Even though recent changes to data privacy laws have placed consumers in control of their personal information, the Federal Trade Commission (FTC) has found that some apps are, in fact, collecting data they don’t need.

Deploying security automation is hard if the criteria for success is beyond the scope of ticketing workflow. But the barrier of automation deployment has never been lower with the advent of so many Security Orchestration, Automation, and Response (SOAR) platforms now available to select from in the market and how attractive purchasing automation in a box (or in the cloud) is.