In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.
Threat actors continue to exploit cloud services for cyber espionage, and a new campaign by a threat cluster named WIP26, discovered recently by researchers at Sentinel One in collaboration with QGroup, targeting telecommunication providers in the Middle East, confirms this trend.
Amazon Web Services (AWS) is the world’s largest cloud provider, with well over a million active users. The popularity of AWS makes it one of the biggest targets for cybercriminals — and one of the leading contributors to breaches is incorrectly configured Amazon S3 buckets. For example, an insecure bucket led to the unauthorized access of 23 million documents and 6.5 TB of data belonging to Pegasus Airlines.
Data lifecycle management (DLM) is the process of safeguarding data appropriately throughout its existence. The basic data lifecycle stages are creation, storage, data usage, sharing and destruction: Figure 1. The 6 basic data lifecycle management stages The goal of DLM is to ensure data security and regulatory compliance during all stages without throttling business productivity. Achieving this goal requires different processes and policies at various times during the data lifecycle.
On March 1, 2023, the US White House released the long-awaited National Cybersecurity Strategy. As a product manager, I am often the voice of the customer, and our customer’s should be excited about this strategy. Throughout the strategy it is clear that the needs of the end users have been prioritized compared to other stakeholders. After reading this cover to cover, here are some nuggets of insight that our customers should be aware of.
You can protect your online privacy by being aware of and cleaning your digital footprint; using strong, unique passwords for each of your accounts; not oversharing on social media; reading privacy policies carefully and more. Continue reading to learn more about online privacy and the steps you can take to protect yours.
Businesses looking for serious compliance street cred often turn first to ISO 27001. ISO 27001 is a globally recognized framework that outlines and defines information security management system (ISMS) requirements. Because being ISO 27001 certified demonstrates an organization meets best practices for information security, ISO certification can give businesses a significant competitive advantage. If you’re weighing ISO 27001 vs.
Salt has long benefited from the unique support that comes from being part of the Y Combinator accelerator program (Salt was in the Winter 2016 batch), and all these years later, we’re thrilled to have been named to not one but two of YC’s Top Company lists – the Top Private YC companies 2023 and the YC Breakthrough Companies 2023. For the Top Private list, it’s deja vu all over again, since we made that list last year as well.
