Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

5 Cybersecurity Tools to Safeguard your Business

With the exponential rise in cybercrimes in the last decade, cybersecurity for businesses is no longer an option — it’s a necessity. Fuelled by the forced shift to remote working due to the pandemic, US businesses saw an alarming 50% rise in reported cyber attacks per week from 2020 to 2021. Many companies still use outdated technologies, unclear policies, and understaffed cybersecurity teams to target digital attacks.

Using Centralized Log Management for ISO 27000 and ISO 27001

As you’re settling in with your Monday morning coffee, your email pings. The subject line reads, “Documentation Request.” With the internal sigh that only happens on a Monday morning when compliance is about to change your entire to-do list, you remember it’s that time of the year again. You need to pull together the documentation for your external auditor as part of your annual ISO 27000 and ISO 27001 audit.

What is Malware & How to Protect Ourselves From Computer Viruses

Do you remember when viruses used to be funny and not such a big deal? Maybe a cat would constantly pop up on your desktop or you’d get spammed with hundreds of ads for male enhancement pills? Well, the early 2000s are over (yes, it’s depressing) and malware has advanced far beyond its somewhat quirky origins. Today, viruses have become extremely sophisticated and it’s difficult to know for sure if your files have been infected or not. So what is malware exactly?

ISO 27002 2013 to 2022 mapping

On February 15th, the International Organization for Standardization (ISO), published the latest update to “ISO/IEC 27002 Information security, cybersecurity and privacy protection — Information security controls”. This latest standard is available for personal use from their site on ISO.org for CHF 198 (Swiss Francs) or, if you prefer, US dollars, $200, at the ANSI.org webstore. I’ll also simply refer to it as ISO 27002 as most people do.

Entitlements: Architecting Authorization

By its general purpose nature, Open Policy Agent (OPA) allows for a unified way of dealing with policy across a wide range of use cases. One particularly interesting use case for OPA, and one which will be the focus of this series of blogs, is that of application authorization (or entitlements, or simply, authorization).

Welcoming TopCoat to Snyk

We’re excited to announce that Snyk and TopCoat are joining forces. TopCoat and its founders — Seth and Josh Rosen — are well established and respected in the data analytics space. They’ve built a powerful data analytics platform that simplifies building data applications through an integration with dbt, allowing data analysts and engineers to quickly create highly customized data reporting and visualizations.

Meet the Hacker: Goonjeta Malhotra a.k.a BattleAngel - "Hacking has always felt like a superpower"

Hacking has always felt like a superpower to me. It is a skill that I have worked on and learned with time. I was introduced to this field by my brother, he is my role model and I have always followed in his footsteps. Once I stepped into this field, there was no turning back. I knew this is what I want to excel at and be known for.

The Easy Solution for Stopping Modern Attacks

Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.

PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools.