Third-party monitoring is a critical aspect of Third-Party Risk Management as it keeps security teams informed of the organization's evolving third-party risk exposure. To learn the importance of third-party monitoring and why it should be emphasized in your TPRM program, read on.

During the long-awaited Snyk Launch 2024, we announced the exciting general availability of Snyk Code's auto-fixing feature, DeepCode AI Fix, powered by our AI machine, DeepCode AI! To celebrate this milestone, let’s explore how Snyk’s AI-powered features differentiate our approach to application security. AI is on everyone's minds, along with its countless applications that offer a wide variety of solutions (and issues).

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Woes continue at the Internet Archive.

Cloud native applications are dominating the tech landscape for modern enterprises. A garden-variety cloud native application consists of microservices deployed in containers orchestrated with Kubernetes, and these microservices interact together via APIs. Netflix, Salesforce, and Atlassian products like Jira and Confluence are all common examples of cloud native applications.

Over the past few decades, securing remote access has become monumentally more complex. Remote work, with all of its benefits, has also furthered the threats of shadow IT and unauthorized remote access.

Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you're simply a lot less likely to encounter malware on your Mac than you are on your Windows PC.

When it comes to building a comprehensive data security strategy, everything hinges on finding and accurately classifying all your sensitive data. It seems security professionals have finally given up on legacy solutions that require extensive labeling and manual data mapping — and not a moment too soon. We're confident no one will mourn the passing of legacy solutions.

AI is growing in power and scope and many organizations have moved on from “simply” training models. In this blog, we will cover a common system of LLM use called Retrieval-Augmented Generation (RAG). RAG adds some extra steps to typical use of a large language model (LLM) so that instead of working off just the prompt and its training data, the LLM has additional, usually more up-to-date, data “fresh in mind”.

Application security has transformed from being an afterthought to a central focus as threats have evolved. What was once about securing code has expanded to protecting the entire application lifecycle. The rise of cloud-native architectures, microservices, and APIs has broadened the attack surface, requiring security teams to rethink their approaches.

As networks become increasingly distributed, user identities are becoming a top adversary target. CrowdStrike’s 2024 Threat Hunting Report and 2024 Global Threat Report state 5 of the top 10 MITRE tactics we observed in 2023 were identity-based, and the CrowdStrike 2023 Threat Hunting Report noted a 583% year-over-year increase in Kerberoasting attacks. These findings illustrate how modern adversaries aren’t breaking in — they’re logging in.