Most people are fairly good at reading, but not enough are good at reading between the lines. More often than not, there are certain things hidden in plain sight that may not catch your attention. The eyes of a system administrator are often glued to tasks like system maintenance and user administration. When engaged in many tasks at once, it is only human to overlook a few things like patch and antivirus updates, but it can cost an organization dearly in terms of data security.

As organizations have accelerated their plans to better enable dispersed workforces in a post-pandemic reality, many technology decision-makers are broadly rethinking their network architectures. Inevitably their discussions lead to comparisons and debates over both software-defined wide area network (SD-WAN) and secure access service edge (SASE) technologies.

The end is in sight. You’ve decided to leave your job and have already handed in your notice. You’re finishing up some final projects and, before too long, will be saying one last goodbye to your coworkers.

Today, we’re excited to announce a partnership with Sysdig to provide container and Kubernetes security together — from code to cluster. Together, Snyk and Sysdig can help developers secure code and containers in development, protect the runtime Kubernetes environment, and deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities.

Everybody’s talking about securing the DevOps pipeline and shifting security left.. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox.

Adversaries are moving beyond malware and becoming more sophisticated in their attacks by using legitimate credentials and built-in tools to evade detection by traditional antivirus products. According to the CrowdStrike 2022 Global Threat Report, 62% of detections indexed by the CrowdStrike Security Cloud in Q4 2021 were malware-free.

As developers we all have our morning startup routine: make coffee, check slack/discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk vulnerability database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems. For example, since May 2021 I’ve been watching the emergence of vulnerabilities in Tensorflow libraries.

Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.

Many low-code applications are built for the purpose of moving data from one place to another usually as a result of some external trigger, such as the arrival of a new email message. In the case of an email-triggering low-code application, if low-code security best practices are not strictly followed, attackers may abuse the application to set rogue automated email forwarding rules, which can be used to steal data, impersonate as corporate users and mount phishing campaigns.

It's somehow fitting that Groundhog Day and tax scam season overlap. Much like the 1993 Bill Murray film where he repeatedly experienced the same day, tax season scammers come out of their hole every year at the same time and tend to use the same attack methods against organizations and regular taxpayers. These scammers stick to these tried-and-true methods because they still work.