Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Sponsored Post

Top Events You Should Always Audit & Monitor

Anybody who’s looked for answers on the Internet has likely stumbled across a “TOP X LISTS”: The “10 things famous people do every day”, “Top 10 stocks to by”, the “20 books you have to read” are just some examples of the myriad of lists that are out there offering answers. You may have even stumbled upon a few “Top 10 (or 12) Events To Monitor” articles too.

Colonial Pipeline Incident

In yet another high-impact and high-profile ransomware incident, the 'big game hunter' ransomware group 'DarkSide' accepted responsibility for an attack against the US-based Colonial Pipeline Company, an organization providing fuel pipeline services across multiple states (Figure 1) that transport a reported 100 million US gallons of fuel daily including direct service to airports.

Reducing Enterprise AppSec Risks: Ponemon Report Key Takeaways

Ponemon Institute’s Reducing Enterprise Application Security Risks: More Work Needs to Be Done looks at the reasons why many enterprises consider the application layer to be the highest security risk. Ponemon Institute, in partnership with WhiteSource, surveyed 634 IT and IT security practitioners about their enterprises’ approach to securing applications.

What is Open Policy Agent?

Open Policy Agent, or OPA, is an open source, general purpose policy engine. OPA decouples policy decisions from other responsibilities of an application, like those commonly referred to as business logic. OPA works equally well making decisions for Kubernetes, Microservices, functional application authorization and more, thanks to its single unified policy language. So what’s a policy engine? And what’s policy? A policy can be thought of as a set of rules.

Prevent cloud misconfigurations in HashiCorp Terraform with Snyk IaC

We’re delighted to share new features of Snyk Infrastructure as Code (Snyk IaC) designed to support how Terraform users write, plan, and apply their configurations. With Snyk IaC, you can get immediate guidance on security configurations as you write, and scan your Terraform plans in your deployment pipelines to ensure your changes and complete configuration are safe.

Scaling for DevSecOps with the Norwegian Labour and Welfare Administration

Application development has changed, and development teams have begun supporting a model of rapid and frequent deployments to support the pace of innovation demanded by digital transformation. From an application security perspective, this means scaling through DevSecOps and supporting developer-first security. The unique challenges and solutions for shifting to DevSecOps were the subject of a recent roundtable discussion featuring Aner Mazur, Chief Product Officer at Snyk and Christer Edvartsen, Sr.

Gig Workers are the Most Dangerous Insider Threat We Aren't Talking About

The term “gig economy” refers to the increasingly common use of skilled freelance or otherwise independent workers on a short-term basis—often one project at a time. The availability of these sorts of gig workers has brought massive change to global work culture over the last few years.

New Cybersecurity Executive Order: What You Need to Know

Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are disclosed and able to be tracked in the future. Without following these standards, companies will not be able to sell software to the federal government.

Ofwat reveals it has received 20,000 spam and phishing emails so far this year

Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year. The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year – with 5,149 classified as phishing attacks.

Elastic and Swimlane partner to deliver an extensible framework for the modern SOC

Today I’m happy to share more about our partnership with Swimlane, which further reinforces our commitment to empowering security teams everywhere. Today’s security teams rely on the power of Elastic’s high-speed, cloud-scale analytics to solve their most complex and pressing security issues. Swimlane’s security automation platform provides a way for these same teams to accelerate and optimize their workflows for max efficiency and to solve SOAR use cases.