Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Timing out synchronous functions with regex

How hard can it be to support custom container image tags? Turns out… quite! I know this because my team has been busy at work on our new custom base image support for Snyk Container, and we were tasked with the following problem: Given a tag, parse its parts to be able to compare it to other similar tags. It was a fun problem to solve, and we'd love to share how we got to our final solution!

New Jersey-Based Uber Drivers May Have Been Exposed in Latest Data Breach

Driving for companies like Uber is always risky, as you never know who you will pick up, where you will have to take them, and if your vehicle could break down. However, drivers should not have to worry about their identities while driving. Uber was just hit by a cyber attack back in December that hurt more than 77,000 employees, and it seems the company is suffering from another serious data loss that could impact some of its drivers, yet again.

1 in 8 Email Threats Now Make It Past Email Security Solutions

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type. According to new data found in HP Wolf Security’s latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user’s inbox. This is up from the previously published finding by Acronis of 11.7% of threats doing so.

Why cross-site scripting still matters

With web application exploits the 3rd-most-common cybersecurity threat, overlooking the importance of XSS vulnerabilities puts you at risk. As we move through 2023, many organizations are looking at their cybersecurity programs and considering how to allocate their application security testing resources. While allocating testing resources to OWASP Top 10 vulnerabilities like cross-site scripting (XSS) may not feel innovative, it’s one of the best ways to ensure an organization’s security.

What Is Privileged Access Management and How Can It Help Your Business

Does your company have secret intel that only a few employees can handle? Do you lose sleep over the thought of sneaky hackers getting their grubby little paws on your precious data? Don't take any chances with your business! Level up your security game with privileged access management and keep those cyber threats at bay. Privileged access refers to the rights of specific users, such as IT administrators or executives, to access files, critical systems, or sensitive data.

Tech Support Scam Pivots from DigitalOcean to StackPath CDN

Attackers who were previously abusing DigitalOcean to host a tech support scam have expanded the operation, now abusing StackPath CDN to distribute the scam, and are likely to start abusing additional cloud services to deliver the scam in the near future. From February 1 to March 16, Netskope Threat Labs has seen a 10x increase of traffic to tech support scam pages delivered by StackPath CDN.

How To Get a Cheap Code Signing Certificate?

In an era of increasing focus on cyber-security, using only secure software plays an important role. Whether it’s an organization or an individual end-user, everyone is becoming more literate about digital well-being. As a result, everyone reads the warnings displayed by systems to protect themselves from malware. Because of this, the Unknown Publisher warning is also being taken seriously, and many users avoid software that triggers such alerts.

Why the Need for Application Security Intensifies as EU Tightens Cybersecurity Requirements

Two new sets of regulations introduced by the European Union (EU) indicate that the public sector is taking increased interest in improving cybersecurity and resilience. The EU is introducing the Digital Operational Resilience Act (DORA) for financial institutions and the Cyber Resilience Act (CRA) for software and hardware providers, both designed to enforce software security and secure delivery of services.

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments

Many organizations have multiple IAM schemes that they forget about when it comes to a robust compliance framework such as PCI DSS. There are, at minimum, two schemes that need to be reviewed, but consider if you have more from this potential, and probably incomplete, list: Bottom line, in whatever fashion someone or something validates their authorization to use the device, service, or application, that authorization must be mapped to the role and privileges afforded to that actor.