Access control systems are the physical form of the layers of data, credential and identity controls underpinning the systems relied on every day. Yet, they can be an afterthought; even the most high-profile breaches of physical security systems can take years to rectify. Security Week highlights the vulnerabilities affecting Nice Linear, a widely used proprietary system in the world of smart homes. Over 2,500 individual vulnerabilities flagged in 2019 alone.

The rapid expansion of the digital landscape adds increasing complexity to cybersecurity, especially for enterprises that could have up to 100,000 vendors in their supply chain. Addressing these challenges requires implementing an Attack Surface Management (ASM) strategy tailored to enterprise businesses' unique risk profiles. This post outlines the importance of ASM for enterprises and offers a strategy for ensuring its effective implementation.

Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our 2024 update, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.

A recently addressed Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, has been revealed to have been actively exploited in zero-day attacks by the Advanced Persistent Threat (APT) group, Void Banshee. Initially unmarked as exploited, Microsoft later updated its advisory to confirm that the vulnerability had been abused in attacks prior to its fix.

The Snyk team is excited to announce that our FedRAMP sponsor, the Center for Medicare and Medicaid (CMS), has granted authorization (ATO), enabling their teams to leverage our public sector offering, Snyk for Government (SFG). This stage signifies that we are almost at the finish line of the FedRAMP process and points to our continued investment and support of public sector organizations in their application security efforts.

The UK government’s Cyber Essentials certification aims to get the UK up to speed with consistent cybersecurity controls, establishing a higher level of cybersecurity and resilience across the UK.

There’s no ‘good’ time for a data breach, but accidentally leaking sensitive information during closed periods leads to heavier financial and reputational costs than at other parts of the year. As SAP holds public companies' most sensitive financial and HR data, executives must guarantee the security of thousands of SAP downloads or face non-compliance fines and legal repercussions.

If you run an online image search for “cyber hacker,” you’ll likely find countless pictures of shadowy, hooded figures hunched over a laptop. There’s just one problem with those search But here’s the catch: The image of a human hacker is in the minority these days.