Given the spate of recent ransomware attacks, the latest of which occurred shortly before Independence Day, this topic is likely at the top of mind for most organizations. Understanding the fundamentals of security, and the most common ways ransomware gets installed, is a must if a company hopes to truly lay the groundwork required to build and operationalize their security program.

The Kubernetes community created a feature in v1.10 called Pod Security Policy (PSP) to control the security-related fields for pods defined in your Kubernetes cluster. Now that PSP is being deprecated in Kubernetes v1.21, what should you do to secure your Kubernetes cluster? In this blog, we’ll learn a bit about PSP, explore why it’s being deprecated and how Open Policy Agent (OPA) can ease the migration from PSP.

As a quick note, I have a personal history with .NET, including time working at Microsoft as a .NET evangelist. And I’ve briefly met Anders Jejlsberg, the designer of C# and Typescript, so this blog is a bit personal for me. We are happy to announce that Snyk Code scans for security vulnerabilities and provides remediation suggestions for yet another language: C#. This adds a major language to our portfolio which includes support for Java, JavaScript, TypeScript, and Python.

Application security remains a top concern for organizations, making the need for skilled cybersecurity professionals as urgent as ever. Nearly half of security practitioners in high-performing enterprises who participated in a recent Ponemon Institute research report about reducing enterprise security risks stated that hacks to insecure applications are their organization’s biggest concern.

People love to talk about zero trust right now, for a number of reasons. It has the word “zero” in there, which has some history in the information security world (e.g., zero-day vulnerabilities). It’s also a simple and eye-catching phrase, so it fits well into product marketing exercises.

Major sporting events, like the World Cup or the Olympics, are usually targets of cybercriminals that take advantage of the event’s popularity. During the 2018 World Cup, for example, an infected document disguised as a “game prediction” delivered malware that stole sensitive data from its victims, including keystrokes and screenshots.

MongoDB is one of the most popular open-source databases. Unfortunately, this also means ubiquity of misconfigured and unsecured MongoDB deployments out in the wild. Just in recent years, we’ve seen several hacks involving thousands of MongoDB databases left exposed online without any protection, making them ripe for the hacker’s picking. It doesn’t have to be this way, though.