Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or random malicious package. This article shares the findings of targeted attacks aimed at businesses and corporations that Snyk was able to detect and share the insights.

As the attack surface expands and cyber threats continue to evolve, most organizations make security awareness training a key part of their cybersecurity programs. Especially now with growing evidence that social engineering tactics reap big rewards for bad actors and cataclysmic outcomes for enterprises of every size. To wit, a study has found that 88% of all data breaches involve mistakes by employees.

Today’s escalating threat landscape means that security operations teams face a multitude of challenges. This can make it challenging for them to keep pace with the sheer scale of threats, tactics and techniques that bad actors frequently use. When you consider recent ransomware attack statistics, it is easy to see that cybercrime has intensified, with a record-breaking number of threats of increasing severity taking place year-on-year.

Learn how you can improve your application security posture by adopting best practices from the BIND 9 team. All application development teams face the same fundamental questions, from the selection of third-party components to the processes and tools that ensure resilience and security. This article describes how the ISC development team addresses security in the BIND 9 application, one of the foundational applications of the modern internet.

ThoughtLab’s newly released cybersecurity benchmark study revealed that cybersecurity is at a critical inflection point across industries.

Calico Open Source is an industry standard for container security and networking that offers high-performance cloud-native scalability and supports Kubernetes workloads, non-Kubernetes workloads, and legacy workloads. Created and maintained by Tigera, Calico Open Source offers a wide range of support for your choice of data plane whether it’s Windows, eBPF, Linux, or VPP. We’re excited to announce our new certification course for Azure, Certified Calico Operator: Azure Expert!

When relying on a 3rd-party package from a non-commercial entity, there is always the risk of lack of support, especially when it comes to outdated packages and versions. If the package stops being maintained, nobody will implement a new feature we might need or fix a newly-discovered security vulnerability. Consider, for example, CVE-2019-17571. A critical remote code vulnerability which was never fixed in Log4j 1.x, since it was not supported anymore, and only fixed in Log4j 2.x.

Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities. While much of the focus has remained on manufacturers and how they can bolster their cybersecurity efforts, another group of businesses also needs to improve their cybersecurity.

Whether you view a data breach as your worst nightmare, or simply an inevitable occurrence for the average organisation, knowing what to do and how to respond when it happens to your organisation is critical. A well-executed response contains a crisis and stops it from snowballing, as well as helping you navigate your organisation—and your suppliers and customers—through any follow-on analysis or potential post-incident investigations.

Most companies are unconcerned about credit card theft until it happens to them. If you sell online or by e-mail, your company is more likely to go bankrupt owing to fraudulent credit card orders. Given the increased reliance on plastic money, credit card theft is extremely damaging. Even consumers, fail to take basic precautions to avoid credit card theft.