Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloud

Devo Joins AWS ISV Workload Migration Program

Devo’s strong relationship with Amazon Web Services (AWS) recently expanded to include our participation in the AWS ISV Workload Migration Program. This is important to cloud developers, DevOps engineers, solution architects (particularly cloud SAs), and cybersecurity architects working at organizations ready to transition their data to the cloud.

New Phishing Attacks Exploiting OAuth Authentication Flows (Part 3)

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant. In Part 2 of this series, we described how a phishing attack could be carried out by exploiting the device authorization grant flow.

Netskope Threat Coverage: LockBit

LockBit Ransomware(a.k.a. ABCD) is yet another ransomware group operating in the RaaS(Ransomware-as-a-Service) model, following the same architecture as other major threat groups, like REvil. This threat emerged in September 2019 and is still being improved by its creators. In June 2021, the LockBit group announced the release of LockBit 2.0, which included a new website hosted on the deep web, as well as a new feature to encrypt Windows domains using group policy.

Snyk named #39 on 2021 Forbes Cloud 100 list

We’re honored to share that, for the second consecutive year, Snyk has been named to the prestigious Forbes Cloud 100 List, coming in at #39! The full list, unveiled yesterday, is Forbes’ “definitive ranking of the best, brightest, and most valuable private companies in the cloud.” We’re up 47 spots from our ranking last year — a testament to our incredible team, growth, and maturation as a company in 2021 thus far. And it’s only August!

New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1)

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. Phishing attacks are starting to evolve from the old-school faking of login pages that harvest passwords to attacks that abuse widely-used identity systems such as Microsoft Azure Active Directory or Google Identity, both of which utilize the OAuth authorization protocol for granting permissions to third-party applications using your Microsoft or Google identity.

Achieving SOC2 Compliance for Teleport Cloud with Teleport On-Prem

Teleport has been instrumental in helping our clients achieve difficult security and compliance requirements, and today we are proud to announce that our Cloud offering is now SOC2 Type II compliant. Last year our on-premises product was SOC2 Type II certified, and we published an overview on our blog helping explain what SOC2 is and why it has become table stakes for B2B SaaS companies.