The pandemic accelerated a trend that was already gaining increased traction: the preference for shopping online. The last eighteen months have brought a surge to the eCommerce industry, with consumers of all ages learning how to order items online. Competition has never been fiercer for online retailers, which means it’s not just quality products and customer service that companies must focus on.
It takes a crowd to secure the attack surface. Detectify collaborates with the Crowdsource ethical hacker community to power a fully automated external attack surface management solution. This is a guest blog post from Crowdsource hacker Luke “hakluke” Stephens on why he believes crowdsourced security is now a necessity.
SSL/TLS certificates make the internet a safer place, but many companies are unaware that their certificates can become a looking glass into the organisation – potentially leaking confidential information and creating new entry points for attackers.
Elasticsearch is a popular open source search engine. Because of its real-time speeds and robust API, it’s a popular choice among developers that need to add full-text search capabilities in their projects. Aside from being generally popular, it’s also the engine we’re currently moving our Snyk reports functionality for issues! And once we have everything tuned in issues, we’ll start using Elasticsearch in other reporting areas.
Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security. In this article, we will present an extension of the dependency confusion problem utilizing npm’s package aliasing capabilities.
According to the National Vulnerability Database (NVD), the number of new security vulnerabilities increases steadily over the past few years. Image source: NVD The consistent rise in the number of security vulnerabilities along with headline-catching exploits like the SolarWind supply chain attack earlier this year has organizations doubling down on vulnerability management programs to ensure that they are not exposed to malicious attacks.
Forescout is proud to be recognised by Forrester in its inaugural Industrial Control Systems (ICS) Security Solutions Wave, 2021. The ability to cover the most ICS protocols allows us to provide the best visibility compared to any other vendor, making the Forescout platform the solution of choice for any organization struggling with ICS asset visibility.
For a concept that represents absence, zero trust is absolutely everywhere. Companies that have explored how to embark upon zero-trust projects encounter daunting challenges and lose sight of the outcomes a zero-trust approach intends to achieve. Effective zero-trust projects aim to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data to increase confidence across the business.
Over the last few years, the term DevOps and DevSecOps (which stand for Developer Operations and Developer Security Operations respectively) have become synonymous with companies trying to become more agile and less monolithic.
It can take just minutes, if not seconds, for an advanced threat to compromise a company's endpoint devices (laptops, mobile devices, and the like). Legacy security tools that were once adored and worshipped by many no longer cut it. These tools require manual triage and responses that are not only too slow for fast-moving and increasingly sophisticated cyber threats, but they also generate a huge volume of indicators that burden the already overstretched cyber security teams.
