Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The landscape of cloud computing has evolved significantly over the years, transforming how businesses operate and innovate. This transformation has brought new challenges, especially in security. The growing adoption of cloud services, microservices architecture, and the shared responsibility model of cloud vendors has ushered in a need for robust security solutions that consolidate risk and threat data across cloud environments.

For some, Black Friday conjures images of parasite-infected shoppers running amok in a mall. (Rotten Tomatoes gives the movie a 65% rating). For bargain hunters, it is a whirlwind of unbeatable deals and frenzied shopping sprees. Thanksgiving Day, Black Friday and Cyber Monday are the year’s biggest days for American merchants. The hype has crossed borders.

An overview of a fuzzing project targeting the Hyper-V VSPs using Intel Processor Trace (IPT) for code coverage guided fuzzing, built upon WinAFL, winipt, HAFL1, and Microsoft’s IPT.sys.

Many of us took ChatGPT for a first-time spin just 12 months ago. Then someone hit the speed multiplier button, and just like that, we’re exiting 2023 with whiplash. Generative artificial intelligence’s (GenAI) breakout year was both exciting and unnerving for cybersecurity professionals who understand that technological change and cyber risk are inextricable.

Snyk's security researchers have conducted some research to better understand the risks of WebExtensions, both well-known (i.e. XSS, code injection) and those more specific to WebExtensions themselves. From our research we identified and disclosed some vulnerabilities within some popular browser extensions: React Developer Tools and Vue.js devtools. In this post, we will explore the WebExtension technology and look into the vulnerabilities identified.

Gift cards have become a go-to Christmas present for many people, but their dramatic rise in popularity has also unfortunately made them a prime target for hackers. The reason why gift cards are such a popular present is because of how practical they are to use. When you’re not sure what to buy someone, gift cards present an easy and accessible way to show someone how much you appreciate them.

In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points.

Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the Fortune 500 and 1000 power entities.

Forming partnerships with new vendors can be a complicated and risk-intensive process for any organization. The best way to manage the risks associated with new partnerships and establish successful vendor management practices is to create an effective vendor onboarding policy. Organizations create vendor onboarding policies to standardize the onboarding process, streamline vendor evaluation, and manage vendor risk and vendor compliance.

LDAP, which stands for Lightweight Directory Access Protocol, provides an open-source, vendor-neutral application protocol for distributed directory services and user authentication. This article provides a brief overview of LDAP uses, followed by a description of LDAP exposure risks and cybersecurity protection strategies.