Security spending is losing momentum with a third of CISOs reporting flat or reduced budgets this year. These numbers come from a recent annual survey of 755 cybersecurity decision-makers conducted by IANS Research. Decreased spending in the face of growing cyberattacks put pressure on security leaders to find better ways to optimize their processes. Fortunately, CISOs are discovering solutions for this problem by following the tried-and-true tactics of simplification, consolidation, and innovation.

With organizations continuing to build and enhance their mobile applications and developers embracing new ways of building applications to improve the speed to market and customer experiences, billions of dollars are invested in Appsec tools. However, 85% of these applications still contain known vulnerabilities, and most breaches occur at the application layer. Automated DAST helps in combating such vulnerabilities.

With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities. I’ll let the results speak for themselves: During our research, we successfully identified a privilege escalation from the default user on a fresh Ubuntu Desktop installation to root.

In today's complex business landscape, effective executive reporting is not just about sharing information; it's about using the insights to take action and demonstrating the value of your compliance and security efforts. This blog outlines five essential practices to help you refine your reporting skills and ensure your insights resonate with key stakeholders and support informed decision-making. ‍

Flannel shirts, acid-washed jeans, Polaroid cameras, and vinyl records—these items which were once out of style are now emerging as popular must-haves among the younger generation. In the realm of IT, data backup has always been a necessity. Initially, it represented a compelling concept—storing data in an alternate location to ensure redundancy and failover capabilities in preparation for natural disasters.

I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation. For those of you outside of the UK, and even those born in the UK within the past 30 years, there’s a distinct possibility you may read this and consider it to be a made-up word, but there is indeed such a thing as a teasmade – effectively a small machine for making tea that has a timer on it.

Traditional cybersecurity solutions are constantly being supplemented and enhanced by new technology and practices. Industry leaders know that keeping up with digital security advancements is the best way to ensure the success of every company and that customers rely on them. Understanding how experts merge cybersecurity and automation in different industries is an excellent way to embrace this expanding movement.

In the first of our blog series on international data protection, I’m taking a look at how companies can ensure compliance with notice and consent requirements in the USA, China, and Canada. In a world where digital footprints are as common as physical ones, the governance of personal data has become a pressing issue.

You may be asking, “why are they changing the questions?” Well, the threat landscape is always changing, so the way we react to those threats needs to change too. This is the only way to make sure that your business stays secure, in addition to it bringing the scheme up-to-date with current security practices. Cyber Essentials will still continue to focus on the five key technical controls which are the best first line of defence against a potential threat.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Disable TLS 1.0 is a critical task for security and compliance.