The cyberworld has witnessed and defended against several forms of attacks. Some of the most common ones known to disrupt a network include credential stealing, malware installations, worms and viruses, and insider threats. In order to execute these attacks successfully, attackers often use different tools and techniques. For instance, in a ransomware attack, an attacker may install malicious software to encrypt all the files and folders in your network and demand a ransom to recover the files.

The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email. Ransomware is then downloaded and the breach is underway.

SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime. If there is a mismatch between the server and the local copy of certificates, the connection will simply be disrupted, and no further user data will be even sent to that server.

DevOps has transformed the software development industry. The merging of development (Dev) and operations (Ops) teams has largely contributed to quick and effective software releases. The continuous evolution of the application security threat landscape requires organizations to integrate security into the DevOps culture. Thus, DevSecOps has emerged to extend the capabilities of DevOps and enable enterprises to release secure software faster.

Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.

Over the last several months we’ve seen a tremendous uptick in cyberattacks. Nearly every day, news of another ransomware, supply chain or zero-day attack makes headline news. So, what can organizations do to mitigate risk? One major step forward to improve security operations is to effectively share curated threat intelligence.

Snyk Code was launched at the beginning of 2021, and since then it has come a long way in a short time. As a developer-first security tool, it offers an intuitive UI and CLI, embeds in popular IDEs, provides actionable fix recommendations, and scans with industry-leading, real-time speeds and high accuracy. On top of that, it’s all backed by ML-driven algorithms that learn from the global developer community, growing its robust knowledge base exponentially.

It’s well known that we just don’t put services or devices on the edge of the Internet without strong purpose justification. Services, whether maintained by end-users or administrators, have a ton of security challenges. Databases belong to a group that often needs direct access to the Internet - no doubt that security requirements are a priority here.