Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How to decide if a network digital twin is right for your company - Consider these ten questions

Interest in digital twin technology is on the rise, likely driven by the pressure placed on IT teams to ensure that their networks are predictable, agile, and secure. Network and security operations teams are actively investigating how implementing a digital twin can help their teams become more proactive and provide confidence that the network will behave as expected, even in the face of constant change.

The Cloud Expansion Checklist: How to Get IT Decision-Makers and Developers on the Same Page

Cloud-native and open-source technologies are booming. But for a successful cloud expansion, IT decision-makers and developers need to be in agreement despite their unique roles in the process. As more enterprises transition to cloud-native environments, the big question is how aligned are IT decision-makers and developers?

Important Updates on Spring4Shell Vulnerability

In December 2021, the cybersecurity industry was made aware of CVE-2021-44228, known as Log4Shell, a novel vulnerability in a commonly found software component called Java Log4j. Arctic Wolf extensively covered the Log4Shell vulnerability and gave updates as it got involved.

CyRC Vulnerability Analysis: Two distinct Spring vulnerabilities discovered - Spring4Shell and CVE-2022-22963

Two vulnerabilities affecting different Spring projects were identified this week. Here’s what you need to know about Spring4Shell and CVE-2022-22963. The Internet is buzzing with talk about two separate vulnerabilities related to different Spring projects. The two are not related, but have been confused because both vulnerabilities were disclosed at nearly the same time.

Detecting and Mitigating CVE-2022-22963: Spring4Shell RCE Vulnerability

Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The vulnerability CVE-2022-22963 would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Fraud Prevention Strategy: Finding Weak Links in the Payment Transaction Cycle

This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. In the last few years, we have all observed an increase in the sophistication of cyber-enabled attacks and financial crimes. This coincided with intensified focus on digital banking by financial institutions and increased volumes of online transactions.

Is there such a thing as Spring4Shell?

Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.

What Is Client-Side Security and Why Is It Important for Your Business?

You can’t open a newspaper today without reading about another cyberattack or data breach—with web applications accounting for a fair share of the reporting. Web application vulnerabilities, poor infrastructure configurations, and inadequate security controls make these web-based targets a prime focus for attackers. That’s why organizations need to make sure they’ve implemented front-end or “client-side security” as well as server-side or back-end security.

What is Data Encryption and Why It's Recommended for Really Safe Online Security

Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.