What’s your role in the vulnerability management process?

As microtransactions in gaming increase and more money is exchanged online, it’s become more important than ever to secure your financial and personal information.

In our mission to make Terraform Cloud workflows more streamlined and secure, we’re excited to announce our new native integration into HashiCorp Terraform Cloud. This integration embeds the security expertise and developer-friendly fixes of Snyk Infrastructure as Code (Snyk IaC) directly into Terraform Cloud, making the Terraform Cloud workflow one of the safest ways to provision and manage public cloud infrastructure.

Over the years, as a developer, I’ve built and deployed many applications through digital agencies, side projects, startups, and freelance work. With time-sensitive deadlines, client expectations, and delivery dates to consider, security wasn’t usually top of mind when npm installing an open source package. This often led to reworking and cleanup on deployments that had let in known vulnerabilities, adding to compounding timelines and client disappointment.

The AWS RDS service itself falls on the AWS side of the Shared Responsibility model, but the day-to-day management of the RDS security instances falls on your side. When it comes to shared responsibility, your obligation depends on the AWS services that you deploy, and also other factors including (but not limited to) the sensitivity of your data, your company’s requirements, and applicable laws and regulations.

‍Cybersecurity is one of the fastest-growing and most in-demand fields in the tech world. As technology continues to evolve, the demands of cybersecurity (and job opportunities) also grow along with it. Choosing a cybersecurity career can be difficult and challenging, but there are many different career paths to choose from that can make your experience rewarding and well worth the investment.

The attacks came from all corners in the past month, as cybercriminals used administrative access codes, stolen internal data, laser-focused programming tools, and even humble job applications to worm their way into organizations' inner workings. Let's look at some of the strange and sinister innovations that shaped the world of cybercrime this April.

In 2002 I sat in a local bookstore in Jackson Hole, WY that offered a few Internet-connected computers for hourly use. After chatting with the owner and petting the resident store dog, I took a few guesses at the password protecting these computers. It took me maybe 10 attempts. It was, of course, some variation of the dog’s name. While this is a very dated story, it’s this kind of story that still drives many people’s perception of why a strong password is necessary.

Business email compromise (BEC) occurs when cybercriminals scam organizations by compromising sensitive data through email accounts for financial gain. FBI research shows that BEC is currently the most costly digital crime, far surpassing ransomware to account for US$49.2 million in victim losses in 2021. BEC is also known as email account compromise (EAC) or 'man-in-the-email' scamming.

The Federal Bureau of Investigation (FBI) recently released a Flash Report regarding BlackCat Ransomware breaches. This ransomware as a service (RaaS) has compromised at least 60 entities worldwide and is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing.