Modules naming conventions Based on HashiCorp documentation, we should follow the general naming conventions for Terraform modules. Based on the information above, all Terraform modules should follow this ruleset: • All source code in git • All modules follow the naming convention terraform-<PROVIDER>-<NAME>, for example terraform-aws-ec2, terraform-azure-vms, terraform-infoblox-dns, etc. • All Terraform modules should have unit/integration tests. For example […]
Blog
-
API Vulnerability Exposes COVID Vaccination Status of All Israeli Citizens Returning from my vacation abroad, I had to fill out a COVID declaration form on the Israeli Health Ministry website. Something looked weird when I filled it out on my mobile: It was too quick to indicate that I’m vaccinated, and this output came up even with a typo in my passport number. Hence I […]
17th August, 2021 -
RCE in Cdnjs and What It Means to You Last week, a researcher named RyotaK shared a clever supply chain vulnerability in Cloudflare’s highly popular hosted module called cdnjs, which runs on around 12% of all sites on the web. The module helps developers consume other popular packages and integrate them safely into their sites. The vulnerability was in the cdnjs library update server […]
19th July, 2021 -
5+4 = The New Cloud Security Stack Infrastructures, threat, and security are all under quick, constant evolution. Once every few years there comes a tipping point which forces us to rethink our technology posture. 2020 was that tipping point. The cloud surge peaked during the pandemic, as remote work became the new normal for most office-based businesses. This has introduced […]
9th June, 2021 -
Old Approaches to Monitor a New World: Monitoring in the Hybrid Cloud In this article I hope to give the reader a small history lesson as well as some advice on how to build a useful monitoring system for your platform. First, it’s key to understand where we came from. Before cloud computing systems, every company owned its own infrastructure and therefore had a need to monitor […]
9th June, 2021 -
Why is SRE Becoming 2021’s Hottest Hire? In the current IT market, one of the hottest job roles is the Site Reliability Engineer (SRE). In January 2019, according to LinkedIn, being an SRE is the second most promising job in the USA. These statistics were cited: Median Base Salary: $200,000; Job Openings (YoY Growth): 1,400+ (72%); Career Advancement Score (out of 10): 9 […]
3rd June, 2021 -
Practicing Security in Open Source Communities Open source projects are the embodiment of the core philosophy: ‘free internet and technology for everyone around the globe’. They can be created, changed and distributed to anyone by anyone and for any purpose. Contributing to an open source project is an endorsement of this philosophy, which promotes digital literacy in technological and non-technological communities. […]
31st May, 2021 -
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source […]
31st May, 2021 -
How-To: Automated NS1 Provisioning with Okta Workflows While Okta and NS1 support SAML authentication, provisioning and de-provisioning users still requires manual work. We hate manual work, so here’s a way to automate the entire process, end-to-end, using Okta Workflows. Still unfamiliar with Workflows? Start here. Setting the Scene 1. On NS1’s portal, create an API Key for Okta Workflows. 2. On Okta Workflows […]
31st May, 2021 -
Defining Developer-first Container Security Have you shifted left yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does not […]
31st May, 2021 -
Adapting Security to Work Anywhere “Working from home 2021” marks a massive shift away from common workspaces in response to the global pandemic. There is no more working remotely or working from home, there is just working. The axiom, “work is what you do, not where you go” has never before been so true. The possibility for the workforce to be location independent […]
31st May, 2021 -
Massive Campaign Targeting UK Banks Bypassing 2FA On 14 July, 2020, Oliver Hough, a security researcher from Cyjax, published a report centered on a phishing campaign targeting banking customers in the United Kingdom, which evades two-factor authentication (2FA). On 16 December, 2020, researchers from the Global Threat Intelligence Team at WMC disclosed that they were tracking a threat actor who goes by the alias “Kr3pto”. […]
31st May, 2021 -
Why Phishing Attacks Increase on Holiday Seasons Overview Phishing continues to be a major attack vector, and it’s surprising just how many security incidents and breaches start with an employee clicking on a link in a carefully crafted phishing email (and sometimes doing the same with a not-so-well crafted phishing email — see this example). There’s still a general perception that phishing attacks […]
31st May, 2021