Social engineering is a type of cyber attack that targets people to gain access to buildings, systems, or data. Social engineering attacks exploit human vulnerabilities to get inside a company’s IT system, for instance, and access its valuable information. Social engineering is one of the most common— and successful— forms of cyber attack. Social engineering attacks are constantly evolving, but they generally follow five main approaches.

Indicators of compromise are the red flags of the information security world. These helpful warnings allow trained professionals to recognize when a system may be under attack or if the attack has already taken place, providing a way to respond to protect information from extraction. There are many indicators of compromise, depending on the type of threat.

Thousands of secrets leak daily on public git repositories, including over two million corporate secrets in 2020 alone. This can happen to anyone! For example, in January 2021, an Amazon cloud engineer accidentally committed almost a gigabyte worth of sensitive data that included their own personal documents, as well as passwords and cryptographic keys to various AWS environments on his personal GitHub repository.

2020 was the year of the DDoS attack. Distributed Denial of Service (DDoS) attacks spiked over the last year, driven by the pandemic and the fact that so many people were locked down, working from home, and using online services to get through the pandemic. According to a report from NETSCOUT, more than 10 million DDoS attacks were launched last year, targeting many of the remote and essential services people were using to make it through the lockdown.

Every day, billions of emails are sent out, some legitimate, while others are used to target unsuspecting users. According to the FBI, phishing attacks were the most common type of cybercrime in 2020. The reason these are so commonly used is because phishing tools are easy to get a hold of and attackers are taking advantage of the weakest link when it comes to security – the employees.

Snyk has been long invested in promoting application security awareness and practices through many of our initiatives, including actively participating in communities and foundations. Some examples include: Today, we’re proud to further engage with the community by announcing the Snyk Ambassadors program.

It used to be that technological innovations such as the internet made the world smaller and bought us all closer together. Sadly, that augmented ability to reach others brought with it a new avenue for unwanted and unpleasant interactions. In 2021, a study by Sapio Research on behalf of Respect in Security, showed around one third of cybersecurity professionals claimed to have personal experience of harassment, either online or in the workplace.

If you’re a developer who lives and breathes code all day, you probably don’t mind having to write complex configuration files to set up an automation tool or configure a management policy. But the fact is that many of the stakeholders who stand to benefit from security automation are not developers.

The move to modernize security operations to keep up with the proliferation of complex, highly ephemeral apps and infrastructure has become more daunting than ever with the added explosion of remote work and the resulting acceleration of lift-and-shift and hybrid-cloud initiatives.