
Latest News

Sysdig achieves Red Hat Vulnerability Scanner Certification

Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. Today, Red Hat recognized Sysdig as a certified Red Hat security partner based on our work to standardize on Red Hat’s published security data with Sysdig Secure.

Cloud Threats Memo: Hard Times for ARM-based Mac M1 Processors

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. Just a few months after their debut in November 2020, the new ARM-based Mac M1 Processors have already attracted the unwanted attention of cybercriminals with two adware samples, the details of which have been revealed over the past few days.

XSS Attack Examples and Mitigations

Cross-site scripting (XSS) is an attack that allows JavaScript from one site to run on another. XSS is interesting not due to the technical difficulty of the attack but rather because it exploits some of the core security mechanisms of web browsers and because of its sheer pervasiveness. Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.

How to prevent supply chain attacks with the Zero Trust Architecture

The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which is likely to take months to fully comprehend) reveal an uncomfortable truth that is causing stakeholders globally to reconsider their business model: vendors introduce a significant security risk to an organization.

Message Authentication Code (MAC) Using Java

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics, we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generators, symmetric and asymmetric encryption/decryption, and hashes. After taking a brief interval, we caught up with cryptographic updates in the latest Java version.

5 Identity and Access Management Best Practices

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity access management tools and software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

Nightfall simplifies data security & HIPAA compliance for SimpleHealth

SimpleHealth takes their company name to heart. They are a reproductive telehealth company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.

Bot Protection Beyond CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to prevent bots or spam attacks from accessing a webpage. Traditionally, users were tasked with typing text from a simple image, but over time CAPTCHA has evolved into more complex images and voice recognition in response to the increasing sophistication of attacks.

How to cyber security: Containerizing fuzzing targets

Fuzzing can be dangerous. After all, you’re trying to break things. In fuzzing, you deliver deliberately malformed inputs to software to see if the software fails. If it does, you’ve located a vulnerability and can go back to the code and fix it. It’s an excellent, proactive method for software development organizations to fix security weaknesses. And it should be no surprise that fuzzing is also the preferred method for attackers who want to locate zero-day vulnerabilities.

3rd-Party Security: An Achilles’ Heel

It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk grows, executives are exposed to threats from unexpected directions that involve new weak points.