How to Sign Kubernetes using Sigstore #cloudsecurity #cybersecurity #container
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Significant Changes from NIST SP 800-53 rev4 to rev5
The National Institute of Standards and Technology has introduced a new revision of the Special Publication 800-53, revision 5. As with any document change of this scope there are minor and major changes. This paper will provide a high level overview of the significant changes, addressing a redefined focus in control families, accountability, governance, as well as a discussion of new control families, privacy transparency and supply chain risk management.
State of Maine Information Stolen via MOVEit: Nearly All Residents at Risk
Maine hosts over 1.3 million people within a granite and forest landscape. The state government employs under 100,000 individuals but does not contain fewer departments than more populous states like California. Maine’s state departments coordinate with each other by using backend file transfer systems; a globally utilized file transfer tool, Progress Software’s MOVEit application, has put nearly all Maine resident information at risk.
Why the Insurance Industry is a Prime Target for Cybercrime
Insurance companies, like other financial institutions, face a range of unique cybersecurity challenges and considerations. Responsible for safeguarding treasure troves of sensitive data, the industry has long been a prime target for cybercrime — a trend that has endured even as today’s IT landscape, and the threats against it, continue to evolve.
Crack the code a beginners guide to ethical hacking
Embark on an exciting journey into the realm of ethical hacking with our webinar, "Crack the Code: A Beginner's Guide to Ethical Hacking." Join Sonya Moisset of Snyk as we unveil the mysteries of cybersecurity and provide you with the tools to protect your digital assets.
Introducing Private Links: A faster, easier way to gather vendor security information
When it comes to conducting vendor security reviews, the two most time-consuming tasks are gathering the relevant information from your vendor and analyzing it thoroughly. Last month, we announced AI-powered security document analysis to drastically simplify the process of extracting insights from SOC 2 reports, DPAs, and other sources that document a vendor’s security posture.
UK Phishing Report: Attacks Are on the Rise
The data about the rise of phishing attacks against businesses in the United Kingdom is in, and it’s bleak: UK phishing reports indicate that 79 percent of organizations in the UK were targeted by phishing attacks in the past year. Meanwhile, phishing is the initial attack vector in 36 percent of all data breaches globally, according to Verizon’s 2023 Data Breach Investigations Report. And 80,000 new phishing sites appear every month, according to Cyberint research.
The 443 Podcast - Episode 268 - Combined Cyber and Kinetic Warfare
This week on the podcast, we cover an analysis from Mandiant on an attack lead by the Russian state-sponsored threat actor Sandworm that came alongside missiles strikes against Ukraine. Before that, we review Okta's post mortum from their recent cyber incident. We end the episode by discussing udpated research from Jamf on a North Korean threat actor targeting the financial sector. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
Getting to Know DCRat
DCRat, also known as Dark Crystal Rat has been around since 2018. It operates as a modular remote access trojan (RAT) offered as a Malware-as-a-Service (MaaS) and has garnered attention due to its cost-effectiveness and adaptability. The malware is purpose-built to provide threat actors unauthorized access to systems by circumventing security measures.
How CISO's Should Approach Security Vulnerability Risk
Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yompolski, CEO of Security Scorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.