Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.
Last week saw the European ports were hit by a cyberattack, authorities disclosed that this was a targeted attack against Belgium, Germany, and the Netherlands. These threat actors have hit multiple oil facilities in Belgium's ports, including Antwerp, which is the second biggest port in Europe after Rotterdam. Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.
I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.
A recent survey conducted in 2021, states that approximately 64 percent of respondents listed data leakage or data loss as the most crucial cloud security concern. This makes selecting a cloud security solution an important decision that drives the scalability of the organization. As this may be a tricky business, we have brought to you a few considerations every CTO should take into account while selecting the cloud security solution.
Microservices architecture is a convenient way to silo different software services compared to traditional software architecture and design. However, with multiple microservices communicating amongst each other - the attack surface of the network is greatly increased. The security of such a system depends on the security of all the services. Any deviation in the system’s security ultimately undermines the integrity of the entire network.
For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2021 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2020, adversaries refined their tradecraft to become even more sophisticated and brazen. The result was a series of high-profile attacks that rocked many organizations and, on their own, represented watershed moments in cybersecurity.
You power on your computer and open your inbox, ready for another day at work. But instead of some unread emails, you see a login screen with an all-too-familiar message: it’s time to update your password. And it can’t just be any password. It needs to be one you haven’t used before, and it must include a number… and a special character… and be 8 characters long…
Ransomware attacks on Colonial Pipeline, JBS Foods and Kronos are just a few recent examples in the rise of cyber-physical attacks that disrupt lives of individuals and have the potential to cause physical harm. This concerning trend is capturing the attention of organizations worldwide, with Gartner predicting that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.
More than 90% of applications will be cloud-native by 2023. As organizations transition from monolithic, on-premise environments to dynamic cloud-based ones, ensuring access control becomes more critical — and complex. That’s why I co-created Open Policy Agent, also known as OPA. OPA unifies policy enforcement across the cloud-native stack.
