In today’s cloud-native, app-first and remote-first world, it has become a considerably more complicated task to verify the identity of a user or a service, and determine policies that say what they are and aren’t allowed to do. Yet, the first half of that problem, authentication, for the most part, is already solved because of standards like Security Assertion Markup Language (SAML), OAuth and Secure Production Identity Framework for Everyone (SPIFFE).

Detectify is driving the future of internet security with automation and crowdsourcing hacker research. It’s focused on helping companies detect anomalies in their web attack surface at scale, and creative automated hacks in the web app layer in time.

John Laban is the Founder & CEO at OpsLevel. This blog post originally appeared on the OpsLevel blog. Snyk is rapidly becoming the de facto standard for businesses that want to build security into their continuous software development processes. And with their developer-first tooling and best-in-class security intelligence, it’s no surprise.

In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation can be is important. Insecure deserialization can lead to arbitrary code executions if a gadget chain is created from your classpath classes.

There’s a shift in the world of DevOps. It is no longer enough to create applications and just launch them into the cloud. In a world where entire businesses can exist online, securing your digital assets is as important as creating them. This is where DevSecOps comes in. It is the natural progression of DevOps — with security being a focus as much as the process of creating and launching applications.

67% of the malware downloads Netskope blocks come from popular cloud applications being abused by attackers. One of the services commonly abused by threat actors is Discord, which is abused to host malware such as TroubleGrabber using public attachment URLs. In this blog post, we will analyze a recent DBatLoader (a.k.a. ModiLoader) sample that uses this technique on Discord to deliver a malware known as Warzone (a.k.a. Ave Maria), a Remote Access Trojan created in 2018.