The year 2021 had the dubious distinction of being the most prolific for ransomware on record, and the onslaught didn’t stop in 2022. It’s now estimated that every 14 seconds, a business falls victim to a ransomware attack. Ransomware attacks aren’t just happening more often.

There is an exploitation method that can automatically forward emails CC’d to external addresses via an Outlook Desktop rule, even when this action is prevented on the corporate Exchange server. This can be a serious data exfiltration risk allowing post-exploitation persistence in a previously breached account. The legitimate email account owner is highly likely to be unaware of the creation of this rule.

Organizations face a growing threat from cybercriminals while struggling to find qualified security professionals who can protect their infrastructure and sensitive data. This blog will explore the concept of a Security Operations Center (SOC) and the role of SOC analysts in securing your organization. We will also discuss how your organization can leverage automation to improve SOC effectiveness and fill in the gaps when you cannot support a full staff of security professionals.

Detectify ranks as a Leader in Website Security, a category for tools designed to protect business websites from Internet-based threats. This recognition is awarded after factoring in social, web, employee, and review data that G2 has deemed influential in Detectify’s momentum. Besides ranking #1 on the Website Security podium, Detectify holds the first position in Alerting.

Observed each October, National Cybersecurity Awareness Month (NCSAM) was first launched in a collaborative effort between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security. Today, it continues to be an important collaboration between government and industry in the months up to and throughout October. Each year focuses on core themes to raise awareness about cybersecurity issues and explain what resources can help.

Sysdig has validated its security, monitoring, and compliance capabilities with multiple Azure-related services. The latest is Microsoft Sentinel, a SIEM(Security Information and Event Management) solution on Azure that works really well with Sysdig’s cloud workload protection capabilities. Sysdig and Microsoft have a common goal of helping customers ship cloud apps faster by helping them see more, secure more, and save time in troubleshooting deployed microservices.

Access control is a key component of security programs, since it regulates who or what can access data and resources within an organization’s systems. Granting access only to authorized users prevents data breaches and malicious attacks and is a good way to practice the security principle of least privilege. This article focuses on RBAC, a type of access control, and its benefits and implementation.

This week, at HashiConf 2022, Snyk was recognized by HashiCorp as the winner of the 2022 Collaboration Technology Partner of the Year award. Carey Stanton, Snyk’s Senior Vice President of Business Development, was in Los Angeles and accepted the award on stage at HashiConf. Snyk is honored to be named HashiCorp’s 2022 Technology Partner of the Year for Collaboration.

Today we’re announcing support for SPNEGO-based Kerberos and NTLM proxy authentication protocol support in Snyk CLI for Windows, with support for other operating systems coming shortly.

Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.