Passwords are everywhere. Sometimes they are obvious — hardcoded in the code or laying flat in the file. Other times, they take the form of API keys, tokens, cookies or even second factors. Devs pass them in environment variables, vaults mount them on disk, teams share them over links, copy to CI/CD systems and code linters. Eventually someone leaks, intercepts or steals them. Because they pose a security risk, there is no other way to say it: passwords in our infrastructure have to go.

The rules set forth by PCI-DSS can seem complicated. Four levels, 12 requirements, multiple credit card brands: it’s easy to get lost in the details of PCI-DSS requirements. However, merchants who fail to meet the PCI compliance standard face heavy consequences. Not only do these companies put their customer data at risk, they also may face hefty fines that can range from $5,000 to $100,000 per month.

In this tutorial, we’ll demonstrate how easy it is to redact sensitive data and give you a more in-depth look at various redaction techniques, how Nightfall works, and touch upon use cases for redaction techniques. Before we get started, let’s set our Nightfall API key as an environment variable and install our dependencies for our code samples in Python.

Previously described as “the world’s most dangerous malware” before being shut down by law enforcement and judicial authorities in January 2021, the Emotet botnet has now returned. In this blog post, we outline its current attack methods and the key questions organisations should ask to protect themselves.

Most cyberattacks originate outside the organization. Numerous articles, vulnerability reports, and analytical materials prove this fact. External attacks are usually carried out based on the following scenario: Obviously, it is impossible to provide protection at all stages of an attack using only one type of protection. It is tough to do without a dedicated team and security solutions like firewalls, intrusion detection, antiviruses and more.

Before the pandemic, most millennials didn’t have a will, let alone a plan for handing over their digital accounts.

In the early days of Styra when we were creating Open Policy Agent (OPA), we had a singular goal in mind: help engineers enforce any policy over any piece of software. We wanted people to be able to write any policy they’d like, whether it be about complex resources managed by Kubernetes or public cloud, APIs routed through gateways or service meshes, data stored in relational or document databases, application deployments controlled by CICD pipelines, and so on.

Cybersecurity threats are on the rise. Over the past year, we’ve observed a 148% increase in ransomware attacks and an 85% increase in phishing attacks targeting remote users. Worse still, these attacks are growing increasingly sophisticated, with threat actors using eight or more vectors in the same attack, often deploying multiple vectors within minutes of one another.

In an increasingly cloud native world, infrastructure as code (IaC) is often the first point of entry into an application. And with technologies such as Kubernetes and Terraform becoming increasingly popular, most app developers will update at least one Kubernetes or Terraform resource at one point in their career.