Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Lessons Learned from the SolarWinds Hack

Supply chain attacks are one of the trickier challenges for organizations to defend against since they undermine our trust in otherwise trusted systems that we depend on for running our software and protecting our data. If an adversary is able to successfully compromise a key component of a popular supply chain product, the impact can be widely felt by many organizations.

Serverless computing: Is it worth the risk?

A new trend for developers is emerging, as many companies shift towards using serverless computing. The name is a bit misleading, as serverless computing still relies on servers for storing data, but those who use serverless computing leave the maintenance of the server to their provider. They pay only for the storage needed to execute the code they develop.

Open Source Licenses in 2021: Trends and Predictions

As this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2020 and compare them to previous years. Our research team has collected information from the WhiteSource database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2020.

iOS App Security: 6 Ways How Apple Protects the User's Data

Apple loves bragging about how secure their devices are. Not without reason: there are lots of security features you probably use daily, including code autofill, password reuse auditing, Safari built-in privacy, and many more. Same for developers. For example, Apple doesn't release their source code to app developers for security reasons. And the owners of iOS devices can't modify the code on their phones themselves.

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

How to detect sudo's CVE-2021-3156 using Falco

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.

More Security Tools Doesn't Always Mean More Security. It Might Even Mean Less.

Even before the pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID-19 and the rush to remote work fueled and exacerbated these challenges.

The Economics of Data Loss Prevention

In 2017, The Economist announced that the world’s most valuable resource is no longer oil – it’s data. Since the phrase “big data” was coined in the 1990s, data has become increasingly important to virtually every aspect of running a business – not to mention how we conduct our daily lives. It’s no surprise that some of the most valuable companies are also those that capture the most user data. Take Facebook, for instance.

Securing your code: GDPR best practices for application security

GDPR best practices often focus on how to process and manage personal data, but companies should also consider application security to ensure compliance. The standard cliché used to be that you are what you eat. Which remains true, of course. But it’s also incomplete—so last century. Today, you are what you do online, which is almost everything.