Onna Technologies, a data centralization software company, integrates security across every facet of their development process by using Snyk and Sysdig. We recently sat down with Onna’s Brent Neal (Director of Security), Mike Hoffman (Lead Security Engineer), and Andrew Leeb (Senior Software Engineer) to discuss data protection and compliance, cloud security priorities, and the benefits using Snyk and Sysdig for complete end-to-end container security.

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VoIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems.

Much of online education directed at students focuses on internet safety and privacy – and rightfully so. But it’s important that equal attention be directed towards teaching the next generation how to keep their accounts and identities safe online.

When you’re looking to secure your applications, you need to keep a few things in mind. You want to make sure that your software security vendor is a fully-Saas vendor you access in the cloud. That way you benefit from scalability, peer benchmarking, and more. Here’s what to look for in an application security testing solution that you can access in the cloud while supporting cloud-native development. Plus, you’ll learn why cloud-based trumps on-premises solutions.

Poor secrets management leads to data breaches that can result in compromised credentials, a damaged reputation and millions of dollars in mitigation costs, legal fees and lost revenue. Secrets are non-human privileged credentials that provide access to sensitive information, systems and services. Types of secrets include database passwords, SSH keys, API keys and encryption keys.

A security breach is when an incident occurs that results in unauthorized access to sensitive data, applications, networks or devices. Typically, when a security breach happens the intruder is able to bypass security measures that were put in place to keep them out. As a result of a security breach, a company or organization’s public image suffers, which can lead to the company losing money. The company or organization could also suffer legal consequences.

According to a recent Gartner study, the fast pace of change across technologies, organizational priorities, business opportunities and risks requires identity and access management architectures to be more flexible. As digital business relies on digital trust, security and identity are — more than ever — an essential foundation of an organization’s business ecosystem.

According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.

At the beginning of August, CREST partnered with OWASP to release the OWASP Verification Standard (OVS), which is designed to formalise and expand on OWASP’s existing work on application security and their own security standards, including their Top 10 Project. OWASP has existed since December 2001 and has been supporting penetration testers and developers alike ever since with tens of thousands of participants.

Cloud-based SIEM, long a forward-looking topic, is here and now. In fact, advanced organizations will spend 27% more on cloud cybersecurity as a percentage of IT spending in 2022 vs. 2021 as they expand their use of cloud providers, services, and integrations with other technologies. There are a myriad of benefits to conducting security operations on a cloud-based platform.