Encryption is the process of converting plaintext data into an alternative form known as ciphertext. However, only authorised users can decipher the ciphertext back into clear-text to access the information. There are two types of encryption in widespread use, i.e. symmetric and asymmetric encryption. These names symbolise whether the same key can be used for encryption and decryption processes. These two terms: Encryption and cryptography, are often used interchangeably.

Recently I wrote about Infrastructure as Code (IaC) and how Snyk’s IaC scanning can help catch issues in your templates before they make it to provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and issues.

In recent years, threat hunting has become much more widely adopted, but today the definition of threat hunting is still quite a controversial topic. Threat hunting is the art of finding the unknown in your environment, going beyond traditional detection technologies, with active cyber defence activity, proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. Today, Red Hat recognized Sysdig as a certified Red Hat security partner based on our work to standardize on Red Hat’s published security data with Sysdig Secure.

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. Just a few months after their debut in November 2020, the new ARM-based Mac M1 Processors have already attracted the unwanted attention of cybercriminals with two adware samples, the details of which have been revealed over the past few days.

Cross-site scripting (XSS) is an attack that allows JavaScript from one site to run on another. XSS is interesting not due to the technical difficulty of the attack but rather because it exploits some of the core security mechanisms of web browsers and because of its sheer pervasiveness. Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.

The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which is likely to take months to fully comprehend) reveals an uncomfortable truth causing stakeholders globally to reconsider their business model - vendors introduce a significant security risk to an organization.

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. After taking a brief interval, we caught-up with cryptographic updates in the latest Java version. Skip to the TL; DR

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity access management tools, and software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

SimpleHealth takes their company name to heart. They are a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.