Data Safety and Information Security

ThreatMapper is an open source platform for scanning runtime environments for supply chain vulnerabilities and contextualizing threats.

Container security best practices include the full component stack used for building, distributing, and specifically executing the container.

Global initiative ‘will definitely prevent some cyber-attacks’, says expert

The hype over NFTs and collectibles is blinding us to their true usefulness as trustworthy persistent data objects. How do they sit in the landscape with verifiable credentials and picos?

Google’s Advanced Protection Program (APP) improves account security for highly visible at-risk groups, such as elected officials, political campaigns, human rights activists and journalists.

If you’re looking to use container-based applications, you may want to keep in mind the security risks that come with this technology.

Regardless of where you deploy, this post will help you get a clearer understanding of your role and your options for securing Kubernetes.

network security has to become cloud native.

A brief guide to the network, infrastructure, data, and application security capabilities AWS, Microsoft Azure, and Google Cloud provide to prevent cyber attacks and protect your cloud-based resources and workloads.

Verifying SHA-512, SHA-256, SHA-1 and MD5 checksum on Mac using Terminal

IPython notebook version of this page: openssl_sign_verify

What tools are available? What are the benefits? Let's find out

I bought someone a digital gift card the other day. That’s generally a bad idea, since there’s so much waste and breakage, but it was the right answer to the problem in the moment. The …

While related, authentication and authorization are two different concepts that need to be separate steps in an access policy and may well be managed by different teams using different tools.

Keep up with the current threat landscape. SOAR refers to a collection of software solutions that streamline security operations in key areas. Learn more.

A Journey About Productizing Security

Passwords are hell. Worse, to make your hundreds of passwords safe as possible, they should be nearly impossible for others to discover—and for you to remember. Unless you’re a wizard, this a…

Want to know how DNS-layer security features on your road to SASE? Click here to learn how this cybersecurity solution complements a SASE security stack.

Fluid multi-pseudonymity perfectly describes the way we live our lives and the reality that identity systems must realize if we are to live authentically in the digital sphere.

Address randomisation not implemented on some, it seems

When you’re accessing services over the WEB – let’s pick GMail as an example – couple of things have to happen upfront: The server you’re connecting to (GMail in our example) has to get to know who you are. Only after getting to know who you are it’s able to decide what resources you are allowed to access (e.g. your own email inbox, your Calendar, Drive etc.). Step 1 above is called authentication.

HYCU has developed a website to allow anyone to calculate their R-Score, a measure of ransomware readiness protection.

Find out what your R-Score is today!

Advanced Persistent Threats and rootkits go hand-in-hand.

Sun Tzu wrote that mastery in the art of war is about subduing one’s enemy without having to fight. As the modern world contends with increasingly sophisticated cyberattacks from both criminal and political adversaries, this 2500-year-old cliché is key to enterprise security strategy. Today, the “bad guys” of the Internet are both professional in their…

What exactly is Steganography?

None of us want to build products that put our users’ safety at risk, but how do you reduce the risk that our products will be weaponized by abusers? In this excerpt from Design for Safety, Eva Pen…

When it comes to implementing access control in your application, the scheme you decide to use can either make authorization easy to manage as your application and user base grows, or it can really paint you into a corner.

The top developer site GitHub has had enough second-rate security. So, as of August 13th, GitHub blocked the use of account passwords when authenticating Git operations.