PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
How people respond to ransomware attacks
Monday, April 10, 2023 by David Carvalho
Ransomware attackers extorted $456.8 million from victims in 2022, 40% down from the $765.6 million in the previous year. However, before we clink glasses to celebrate victory, there are some significant caveats to consider. The recent hack of Euler Finance where $135 million in staked Ether tokens (stETH), was drained from the protocol, is a case in point. How organiza...
SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Freeman Lightner
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Identity will hold the keys to the kingdom for cybercriminals
Wednesday, February 8, 2023 by Brittany Hainzinger
In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chai...
Data privacy training kit from CybeReady
Monday, February 6, 2023 by Freeman Lightner
CybeReady published the company’s Data Privacy CISO Toolkit as Data Privacy Week is set to arrive in January. Access to the Data Privacy CISO Toolkit is free of charge and offered to support data privacy training this month.
Data Privacy Week was inaugurated by the National Cybersecurity Alliance (NCA) because of the importance of privacy data. The occasion beg...
The beginning of a new age of innovation and creation
Monday, January 23, 2023 by Freeman Lightner
2023 will be the beginning of a new age of innovation and the creation of new products and services as never been seen since the founding of the Internet.
The end of the mobile app distribution monopoly, the convergence of different platforms, and the recovery of power by users and developers will unleash a perfect storm that will mark the next decade.
An earthqua...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Christian Hargrave
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers through experience or gut instinct will demand that their mobile app providers deliver key security features including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
Recession fears may cause us to lower our defenses
Friday, January 13, 2023 by Richard Harris
Adam Sandman, CEO and Founder of Inflectra discusses the trends in software quality engineering and cybersecurity for 2023. Mr. Sandman explains why quality engineering, DevOps, and security will no longer be seen as separate disciplines but as part of a larger whole. Finally, he will cover how risk management is critical in addressing this new integrated set of challen...
Ransomware prevention platform ProLion sees large increase in revenue
Monday, October 24, 2022 by Freeman Lightner
ProLion has recorded an 80 percent increase in revenue for FY2022, driven by the addition of over 250 new customers worldwide. The uplift has been driven by demand for its ransomware protection solution CryptoSpike, which has soared as a result of the rise in ransomware and ransomware-as-a-service attacks.
The company also reported a renewal rate of 89...
Decentralized wallets suggested after Solana hack
Wednesday, August 17, 2022 by Freeman Lightner
The recent hack on the Solana cryptocurrency wallet has led to a drain of millions of dollars, which raised concerns about the security of the crypto ecosystem. Against this backdrop, the volume of discussions around 'Solana' among Twitter influencers surged in the first week of August as most of them commended the use of decentralized or open source w...
Hacking phones worry us the most
Thursday, July 14, 2022 by Freeman Lightner
Search results for 'smart appliances' have increased by 300% as people are becoming reliant on devices that promise to make their life easier.
Alarmingly, a recent report by Which revealed that a home with smart gadgets could be vulnerable to 12,000 hacking attacks in a single week.
Intrigued by this, BespokeSoftwareSolutions utilized the online analy...
ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
Security compliance predictions for 2022
Tuesday, January 18, 2022 by Freeman Lightner
Edward Tuorinsky is the Managing Principal of DTS, a Service-Disabled Veteran-Owned Small Business, that provides information technology and management consulting services in the areas of program management, governance, strategic planning, organization advancement, business process efficiency, software development, system integration, and learning enhancement solutions....
Increase developer productivity in 2022
Sunday, January 9, 2022 by Freeman Lightner
Patrick Jean is the CTO at OutSystems, where he's focused on building a great engineering culture where motivated people are free to unleash their passion doing meaningful work. With more than 20 years of engineering leadership experience, he has led multiple high-stakes, cloud transformation initiatives at SaaS providers, blending customer focus, inspired developme...
Mitigating API attacks in 2022
Wednesday, January 5, 2022 by Richard Harris
Nathanael Coffing, co-founder and CSO of Cloudentity, is also a board member. Nathanael has over 20 years of management and architecture experience across identity, security, microservices, and IT domains. Prior to founding Cloudentity, he founded OrchIS.io and helped build numerous technology startups leveraging his experience at Sun, Oracle, Imperva, Washington Mutual...
Software cyberattack predictions for 2022
Tuesday, January 4, 2022 by Richard Harris
Nigel Thorpe hails from a software development background and moved to the IT security industry with Entrust Technologies during the early days of PKI. His knowledge has benefited a number of security companies in the UK, Canada, and the USA, and he now serves as Technical Director at SecureAge Technology. With a wide range of experience in different business environmen...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Christian Hargrave
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
StorONE launches backup storage
Friday, November 19, 2021 by Brittany Hainzinger
The latest ransomware variants perform what is known as sleeper attacks, which avoid discovery by slowly infecting data. By the time an organization realizes it is dealing with a ransomware attack, a high percentage of data is encrypted. Modern backup storage needs to not only provide immutability of backup data it must do so, without impacting performance for pote...
Promon partners with F5 to simplify mobile SDK integration
Wednesday, October 27, 2021 by Christian Hargrave
Promon, the Oslo-based app security company announced its partnership with F5, the multi-cloud application security and delivery company. This partnership now enables F5's customers to seamlessly implement the F5 Bot Defense Mobile SDK. The solution provides developers with the necessary tools to protect their applications from bot attacks utilizing Promon'...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts), reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
SnykCon 2021 event lineup
Friday, September 24, 2021 by Randall Degges
We're only a few weeks away from SnykCon 2021, Snyk's free annual developer conference that helps you learn how to build applications securely running October 5-7. We have a packed agenda full of expert talks, hands-on workshops, helpful demos, product roadmaps, opportunities to interact with some of the smartest speakers and leaders of developer security i...
Blockchain protocol AllianceBlock wants to be your Defi ecosystem
Tuesday, August 17, 2021 by Richard Harris
On a mission to build the world’s first globally compliant decentralized capital market, since its launch in late 2020, the DeFi powerhouse AllianceBlock recently announced partnerships with Chainlink, Ocean Protocol, Injective Protocol, Orion Protocol, CertiK, the London Stock Exchange Group’s Partner Platform and many more.
We had a chat ...
Kubernetes for the enterprise as Canonical sees it
Tuesday, August 10, 2021 by Richard Harris
Nearly five years ago, throngs of people in cities across America started roaming streets, parks, and other places to hunt down creatures on their cell phones. The launch of Pokémon GO on July 5, 2016, created a craze, peaking at 45 million daily users and smashing previous estimates of player traffic.
Behind the scenes, a new open-source technology played a p...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
Cyvatar raises 9 million for cybersecurity as a service model
Monday, June 21, 2021 by Brittany Hainzinger
Cyvatar announced that it has raised $9 million as part of its Series A financing to help scale and serve its rapidly growing customer base and continue to drive the adoption of its innovative cybersecurity-as-a-service (CSaaS) model.
Cyvatar raises 9 million for cybersecurity as a service model
Escalating cybersecurity breaches and the need to addr...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
Zero trust framework no longer optional 2021 predictions
Tuesday, January 12, 2021 by Brittany Hainzinger
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regula...
Security concerns will be front and center in 2021
Saturday, January 9, 2021 by Brittany Hainzinger
Security concerns, especially when it comes to cloud native applications, will be even more front and center in 2021 than they have been recently, said Linux Foundation SVP & General Manager of Training & Certification Clyde Seepersad.
Recent research by The Linux Foundation and Harvard found that open source developers are not prioritizing security issu...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
Beta support for Kubernetes announced by Druva Inc.
Wednesday, September 23, 2020 by Brittany Hainzinger
Druva, Inc. announced beta support for Kubernetes workloads which delivers complete application protection that is accessible by all teams, including the central IT team and DevOps. Offered through Druva Cloud Platform, users can quickly recover, migrate, or clone Kubernetes workloads, alongside existing data center, and cloud workloads from a unified interface. Combini...
Being careful about 3rd party APIs
Monday, August 24, 2020 by Ameya Talwalkar
Over the past couple of years, we’ve seen a marked shift in the nature of API traffic from being largely driven by human actions to be increasingly machine-driven. While it used to take a human to click something on a website to trigger an API call and response, there are now sites and apps where upwards of 98% of total traffic is the result of bots -- some legiti...
One Identity Safeguard now supports Microsoft SQL Server
Friday, May 1, 2020 by Brittany Hainzinger
One Identity announced that its One Identity Safeguard solution now supports Microsoft SQL Server 2017 and SQL Server 2019 database environments. Microsoft was positioned as a Leader in the 2019 Gartner Magic Quadrant for Operational Database Management Systems*. With One Identity Safeguard, organizations can for the first time securely manage, monitor, record and audit...