Vulnerabilities in Apple products alert
Monday, September 30, 2024 by Richard Harris
CERT-In has recently issued Advisory CIAD-2024-0046, highlighting multiple high-severity vulnerabilities in Apple products. The vulnerabilities affect a wide range of Apple software, including iOS versions prior to 18, iPadOS versions prior to 18, macOS Sonoma versions prior to 14.7, macOS Ventura versions prior to 13.7, and the upcoming macOS Sequoia versions prior to ...
SaaS report from Onymos reveals what tech leaders are worried about
Monday, September 9, 2024 by Brittany Hainzinger
Onymos, developer of solutions transforming Software-as-a-Service (SaaS) for software and application development, today announced the findings of its SaaS Disruption Report: Security & Data. It reveals that over three-quarters (78%) of technology leaders are concerned about security threats in Software-as-a-Service (SaaS) for application and software development.
...
PhishFlagger anti-phishing email solution released
Monday, August 19, 2024 by Austin Harris
PhishFlagger, a human-compatible patented phishing solution, recently announced its new patented anti-phishing email solution. The solution validates emails through a unique identifier protocol, PhishCounter, which adds a sequential number in the subject line that identifies all outgoing and inbound emails. The easily implemented system also allows recipients to identif...
GenAI cybersecurity assistant lands from IBM
Friday, August 16, 2024 by Freeman Lightner
IBM recently announced the introduction of generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM's watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification,...
DevOps threats report released from GitProtect io
Monday, August 12, 2024 by Brittany Hainzinger
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities,
and, as a result, data loss are the reality that DevSecOps teams have to face...even every
few days.
The State of DevOps threats report - teams affected every few days
GitProtect.io recently presented its studies on the most severe incidents affecting tools like GitHub...
Generative AI in Application Security report from Checkmarx
Monday, August 12, 2024 by Richard Harris
Checkmarx, the in-cloud-native application security provider, has published its Seven Steps to Safely Use Generative AI in Application Security report, which analyzes key concerns, usage patterns, and buying behaviors relating to the use of AI in enterprise application development. The global study exposed the tension between the need to empower both...
Secure software development education report from the Linux Foundation
Wednesday, August 7, 2024 by Richard Harris
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores&n...
Geo-Fraud Detection mobile app by Appdome
Friday, August 2, 2024 by Freeman Lightner
Appdome announced it has enhanced its Geo-Fraud Detection service to include two new defenses: Geo-Location Fencing and Geo DeSync Attack Detection. Combined with other Geo-Compliance features available on the Appdome platform, mobile app developers and enterprises can eliminate location-based fraud, ensure geo-compliance and deliver location relevant use...
Rise in cyberattacks is alarming folks
Friday, June 28, 2024 by Freeman Lightner
A recent study has uncovered a startling rise in cyberattacks from 2022 to 2023. Throughout 2023, the United States experienced an alarming 3,205 data breaches, marking a dramatic 78% surge from the 1,801 incidents reported in 2022.
The study conducted by data collection experts SOAX utilized data from the Identity Theft Resource Center on the number of data vi...
Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
Veracode acquires Longbow Security
Thursday, April 18, 2024 by Freeman Lightner
Veracode announced the acquisition of Longbow Security, a security risk management platform for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.
The integration of Longbow in...
ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce vulnerabilities from entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
Tom Brady NFT sale sparks warning to consumers from experts
Wednesday, February 28, 2024 by Freeman Lightner
An expert has warned those considering purchasing an NFT off the back of the Tom Brady $40.7k sale, as NFT marketplaces saw $38 million stolen by scammers last year.
The findings, pulled together by Smart Betting Guide, analyzed a database recording crypto scams and exploits to identify the most vulnerable platforms and blockchains over the last year - with NFT marke...
IT security predictions for 2024 from HYCU
Tuesday, February 13, 2024 by Richard Harris
Subbiah Sundaram shares his 2024 IT predictions, plus why organizations need to make sure they have a way to protect and recover SaaS application data, the impacts LLMs and AI will have on IT security, the rise of ransomware attacks, the frequency of attacks predicted to be at every two seconds by 2030, and that the focus of organizations will shift ...
Warpath 9.0 updates released from Lilith Games
Wednesday, January 3, 2024 by Freeman Lightner
Competitive military RTS Warpath ignites an all-new Theater of Conquest: Rome in its latest 9.0 update, available to play for free on PC and mobile iOS and Android devices. Lilith Games introduced a 26-day campaign with new Rome-specific Air Force units, new officers Everbloom (Infantry) and Rapier (Tank), and the new Operation Hegemon game mode, followed up by War...
Open source AI trends for 2024 according to Eclipse Foundation
Thursday, December 21, 2023 by Richard Harris
Each year I usually like to make a few predictions about where the software industry, open source, and Eclipse Foundation projects are headed. This year is going to be a little broader, as some large trends are going to impact us in ways that should be discussed and understood.
Government regulation will impact the software industry
The first trend is that for the...
Cybersecurity AI trends in 2024 according to Edgio
Thursday, December 21, 2023 by Richard Harris
Looking ahead to 2024 and beyond, it is clear that the cybersecurity skills gap will only continue to widen. However, by leveraging AI tools and investing in the development of skilled cybersecurity professionals who can work effectively with these tools, organizations can better protect their networks and data from cyber threats and ensure they remain resilient in an i...
Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
API management capabilities from Traefik Labs
Monday, November 13, 2023 by Richard Harris
Traefik Labs, the creator of Traefik Proxy, the ingress controller with more than 3 billion downloads, announced that they added new capabilities to Traefik Hub, the Kubernetes native and GitOps-driven Application Programming Interface (API) management solution. This latest update modernizes API runtime operations for platform teams that frequently encounter change...
Automated incident management solution updates from PagerDuty
Thursday, November 9, 2023 by Freeman Lightner
PagerDuty, Inc. recently announced it has signed a definitive agreement to acquire Jeli, Inc. to transform operations with an enterprise-grade, all-in-one incident management solution. Adding Jeli’s capabilities to the PagerDuty Operations Cloud will further strengthen its value as a system of action, going beyond response to drive long-la...
App security threat report results from Digital Ai
Thursday, October 19, 2023 by Richard Harris
Digital.ai announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood o...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
How people respond to ransomware attacks
Monday, April 10, 2023 by David Carvalho
Ransomware attackers extorted $456.8 million from victims in 2022, 40% down from the $765.6 million in the previous year. However, before we clink glasses to celebrate victory, there are some significant caveats to consider. The recent hack of Euler Finance where $135 million in staked Ether tokens (stETH), was drained from the protocol, is a case in point. How organiza...
SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Freeman Lightner
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Identity will hold the keys to the kingdom for cybercriminals
Wednesday, February 8, 2023 by Brittany Hainzinger
In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chai...
AppSec 2023 predictions from Oxeye Security
Wednesday, February 8, 2023 by Freeman Lightner
Oxeye, the provider of award-winning cloud-native application security, announced five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications resulting in the need for new and more ef...
Data privacy training kit from CybeReady
Monday, February 6, 2023 by Freeman Lightner
CybeReady published the company’s Data Privacy CISO Toolkit as Data Privacy Week is set to arrive in January. Access to the Data Privacy CISO Toolkit is free of charge and offered to support data privacy training this month.
Data Privacy Week was inaugurated by the National Cybersecurity Alliance (NCA) because of the importance of privacy data. The occasion beg...
The beginning of a new age of innovation and creation
Monday, January 23, 2023 by Freeman Lightner
2023 will be the beginning of a new age of innovation and the creation of new products and services as never been seen since the founding of the Internet.
The end of the mobile app distribution monopoly, the convergence of different platforms, and the recovery of power by users and developers will unleash a perfect storm that will mark the next decade.
An earthqua...
People and technology predictions from DTS
Friday, January 20, 2023 by Brittany Hainzinger
As we start the new year, most organizations have settled their workforce model as either in-person, hybrid, or remote and considered cybersecurity’s role in their operations. By and large, businesses have accepted that they must continually mature their security stance if they want to stay ahead of the next attack ploy. With that in mind, our predictions for the ...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Christian Hargrave
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers through experience or gut instinct will demand that their mobile app providers deliver key security features including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
Recession fears may cause us to lower our defenses
Friday, January 13, 2023 by Richard Harris
Adam Sandman, CEO and Founder of Inflectra discusses the trends in software quality engineering and cybersecurity for 2023. Mr. Sandman explains why quality engineering, DevOps, and security will no longer be seen as separate disciplines but as part of a larger whole. Finally, he will cover how risk management is critical in addressing this new integrated set of challen...
