Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

What Is a Rainbow Table Attack and How to Prevent It?

Most computer systems and applications use passwords as a common authentication method. The simplest way to implement authentication is to store a list of all valid passwords for each user. The downside of this method is that if the list is compromised, the attacker will know all the user passwords. A more common approach is to store the cryptographic hash value of the password phrase.

How Snyk is prioritizing developer experience

Context switching can be security’s worst enemy. Today’s security practices require developer buy-in, and when security teams require developers to deviate from their established workflows to address issues, adoption becomes far less likely. To truly empower developers to find and fix vulnerabilities within their code, security teams must shift security even further left. It’s not enough to simply provide user-friendly tools and training around them.

Empowering IT: reinforcing security through orchestration and automation

In the ever-evolving landscape of cybersecurity, IT practitioners stand as the first line of defense against an increasingly sophisticated array of threats. Their role in safeguarding critical assets, data, and infrastructure has never been more crucial. But as the complexity and frequency of cyber attacks escalate, these professionals often find themselves overwhelmed by an ever-growing list of responsibilities and tasks.

OpenShift Virtualization Backup and Restore with Trilio in AWS ROSA Baremetal

Virtual machines (VMs) running on cloud-native platforms like OpenShift Virtualization require robust backup and recovery solutions to avoid downtime and data loss. However, many organizations struggle with the complexities of backing up VMs in hybrid and multi-cloud environments, especially when managing infrastructure at scale.

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.

Emerging Security Issue: Multiple CUPS Vulnerabilities

On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.

Complete Third-Party Risk Management Guide for 2025

Third-party risk management (TPRM) is the structured process of identifying, assessing, and mitigating risks posed by external vendors, suppliers, and service providers. These risks can include cyber threats, data breaches, regulatory violations, and financial instability, all of which can severely impact your organization’s security and compliance posture.

A Step-by-Step Guide to Performing a Secure Code Review

We’ve all been there—staring at code, hoping no hidden traps are waiting to cause chaos down the line. That’s where secure code reviews come in. Think of them as your last chance to catch those pesky bugs and vulnerabilities before they wreak havoc. And here’s a little reality check—those cutting-edge LLMs? They suggest insecure code 30% of the time. So, even with AI on our side, we still need to stay sharp.