Data Safety and Information Security

At Slim.AI, the cloud-native startup I founded with my longtime colleague and creator of the DockerSlim open-source project Kyle Quest, we believe we must address the problem of WHAT gets shipped to production, not just how fast or how frequently teams can deploy.

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks…

Authenticity and privacy are usually traded off against each other. The tradeoff is a tricky one that can lead to the over collection of data.

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies,…

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it's like to be an employee of Conti's sprawling organization. Today's…

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal…

At the API Security Summit, security leaders will discuss how to increase API security fluency across an organization.

Ukrainian ISP Triolan has been most affected.

Learn how to develop a simple Zip File password cracker, which uses a password list to brute force the encrypted file also known as a…

Developer-first AppSec is the future; here's how organizations can evaluate tools that will help them adopt a developer-first approach.

Researchers have discovered that it was possible to infect a deep learning model with malware, and have it fool anti-malware detectors, all without significantly affecting the model's performance.

SSH (Secure Shell) is a protocol that enables you to create a verified and private connection, securing the channel using cryptographic keys, to launch a remote shell on another machine. Using this connection, you can execute remote commands, initiate secure file transfers, forward sockets and displays and services, and much more.

Powerful privacy engineering tools delivered to you as APIs. Synthesize and transform data in minutes. Get started free with your Google or GitHub account.

Lockfiles: the best investment you can make for supply chain security

Open source tools can be a powerful resource for organization looking to build a secure software dev and delivery process.

In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to…

Show me your access token, and I will tell you who you are, or at least obtain a lot of valuable information. This data must be protected.

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions.

In this article, we will run you through the risks that affect assets that process, store, and transmit personal data. we will also touch upon how you can reduce and nullify these risks with security controls.

Two-factor authentication is a widely used and trusted security mechanism, but criminals are increasingly using malicious toolkits that can outwit it.

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.

Get the big picture of cyber security: first-hand statistical data from 18 global SOCs/CyberSOCs, CSIRT & pentesting-stories, tech-deepdives and more on the hot topics of digital defense.

Metasystems promote network effects because they provide leverage: one infrastructure that not only serves many purposes, but also engenders consistent behavior.

A non-security person's take on using CSPs in the real world.

I hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root…

The modern internet is full of services that want to know who you are. Fingerprinting is the latest way to do this: capturing many small…

Trust and integrity are critical to the internet of things. If a business or consumers can’t trust the data, the IoT fails.

What is the difference between permissions, privileges, and scopes in the authorization context? Let's find out together.