Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Splunk Threat Research Team has assessed several samples of Trickbot, a popular crimeware carrier that allows malicious actors to deliver multiple types of payloads.

The recent pandemic pushed medical facilities and staff to the brink, taxing resources, exhausting employees, and disrupting decades of norms and protocols. It also accelerated technological trends that were quickly becoming popular, namely the centrality of technology and data in patient care. Today, many medical practices are digital-first operations, embracing telehealth and remote work at far greater levels than before the pandemic.

The right-to-left override attack may be unassuming but incredibly malicious. Most people have heard about phishing attacks, but they think that opening a file with the ".txt" extension is harmless.

On May 12, 2021, President Biden signed an executive order calling on federal agencies to improve their cybersecurity practices. Following the recent SolarWinds and Colonial Pipeline attacks, it is clear that security incidents can severely impact the economy and civilians' day-to-day lives and that cybersecurity needs to be a high-priority issue. We encourage you to read the full executive order.

Our current global landscape is testing resiliency. As organizations continue to shift to a remote work business model, the rush to digitally transform has created new and heightened cyber risk concerns. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate. In this blog, we will look to set the cyberscene and focus on a security first mindset.

Snyk supports multiple authentication (authN) strategies on its APIs. Historically, API keys have been the primary form of authN, but more recently we introduced support for authN using signed JWTs produced as a result of an OAuth integration. This is currently in use by both our AWS CodePipeline and Bitbucket integrations. In the beginning, Snyk began with a hub and spoke architecture with a central monolith making authN decisions.

Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis.

The Data Protection Act 2018 is the legislation enforced by the Information Commissioner’s Office (ICO), UK, to protect personal data processing and data stored on the computer, digital media, or paper filing systems.

Far from the days of just phone calls and text messages, mobile apps have captured our attention with efficient experiences that keep us connected to friends, family members, coworkers. It’s all at your fingertips via these amazing apps- anywhere in the world! This blog post takes you through the OWASP mobile top 10 security risks, attack scenarios from OWASP and risk remediations that help cybercriminals get their hands on sensitive data.

Today, we announced that Sysdig is acquiring Apolicy to enable our customers to secure their infrastructure as code. I could not be more excited because the innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows that close the gap from source to production.