In a strong shortlist of seven finalists, Redscan took home a High Commendation in the Best Managed Security Service category for the second consecutive year. We were also a finalist in the Best Customer Service and Best SME Solution categories. The SC Awards recognises the people, products and services that exemplify the best solutions for customers in the security industry.

Get practical steps for MISRA and AUTOSAR compliance to improve code quality, safety, and security in automotive software. Recent advancements in the automotive industry include the development of autonomous driving systems, connectivity units, and digital cockpits and infotainment systems that improve the user experience.

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

As you go about the work of managing your IT environment, it’s likely that you already apply the Principle of Least Privilege (POLP, also known as “least privilege access”) — probably without giving this important concept a second thought. After all, not every employee in your company has admin rights on your website, or access to your financial accounts.

As our digital world turns toward advances in automated technology to increase efficiency and productivity, cybercriminals are also learning how to execute mass automated cyber-attacks. According to the 2021 AT&T Cybersecurity Insights Report, most people are concerned about the security of various applications and 52% believe that these threats challenge the integrity of networks.

A data breach is defined as the unauthorized access to sensitive information about a person – whether it's their personal, financial information, passwords, credit card numbers, social security number, and other sensitive information. It is one of the most costly and damaging issues that can plague any person and company. Unfortunately, it has become a far too common occurrence these days as hackers constantly find ways to break even the most complicated security measures.

Commencing just before 1000hrs UTC on June 8, 2021, widespread reports of high-profile websites being unavailable began to surface with visitors to these sites receiving ominous looking error messages (Figure 1). Figure 1 - Example outage message 'gov.uk' Initially, many of these error messages returned a HTTP error '503', advising the user that the service is unavailable, and these originated from a 'Varnish cache server' HTTP accelerator that was attempting to serve the intended content.

While both data warehouses and lakes are big data storage solutions, they are useful in distinctly different situations. Data warehouses store structured data that can be accessed and interpreted by anyone with permission to do so, whereas a data lake is an unstructured storage space for large quantities of raw data. Data lakes store big data in its raw form, with minimal structure and few controls over what data is included or excluded from the storage space.

Today, if you’re running Kubernetes, you know that security is not “built-in.” To secure your clusters, you have to configure, add or build in additional controls. Some are part of Kubernetes, like role-based access control (RBAC), but other best practices include specifying trusted repositories for known-good containers and then layering in runtime scanning tools as well.

We’re pleased to announce our new extension for Visual Studio, making it easier for developers to stay both secure and compliant as they code within their favorite IDE. The extension supports Visual Studio 2015, 2017, and 2019. Snyk’s new free extension for Visual Studio enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.