Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

Exploring Best Practices and Modern Trends in CI/CD

Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is in 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.

Building an Identity and Access Management Framework

While identity and access management (IAM) has always been vital to cybersecurity, its prominence has grown as IT networks have become more complex and businesses have embraced cloud computing. Indeed, a robust IAM strategy is imperative for all organizations today to reduce the risk of costly security breaches, compliance penalties, and business disruptions.

JumpCloud's Perspective on July's Global IT Outage

When we look back–in six months, 12 months, or even several years–at the global IT outage that severely disrupted major industries around the world, I don’t think that it will be hyperbole to say that July’s global outage is a watershed moment for IT. Just as the SolarWinds breach was security’s watershed moment, this will end up being IT’s.

Monitor the security of your Snowflake instance with Datadog Cloud SIEM

Snowflake is a fully managed data platform that enables users to store, process, and analyze large volumes of data across their cloud environments. Recently, Datadog’s Security Research Team posted a threat hunting guide to help defenders ensure the security of their Snowflake instances.

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.

The Whole is Bigger Than the Sum of its Parts. The Channel Experience

“Trust takes years to build, seconds to break, and forever to repair.” The road to becoming a trusted partner to your customers has no shortcuts. As you review your portfolio, filled with various network and IT security solutions you’ve accumulated over the years, you believe each fulfills the needs of your customers. Each solution represents significant investments in resources and efforts to stay competitive and succeed.

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

Once and future code snippets: How AI reignites risk

Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.

Log it like you mean it: Best practices for security

Not every log is equal. As solutions architects at Elastic, we receive a lot of questions around how to fine-tune a security environment, such as: The answer is often, "it depends." So, we’d like to explore the parameters behind these questions to provide you with a more comprehensive understanding of how they influence the response.