Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
Generative AI predictions for 2024 from WinWire
Monday, December 18, 2023 by Richard Harris
As much as it's in the news, AI is by no means a new development. It has been more than three decades since Deep Blue beat Garry Kasparov, the Russian chess champion. It has been over a decade since Watson outperformed several Jeopardy champions.
That was all AI. It's not a sudden arrival. It has evolved and gone through several iterations. AI-powered recomme...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Kubernetes optimizations land from PerfectScale
Wednesday, October 25, 2023 by Richard Harris
PerfectScale announced that they have successfully closed $7.1 million in seed funding, led by Blumberg Capital with participation from Upwest, Prelude Ventures, K2 Access Fund, Inner Loop Capital, Triangle Tweener Fund, and Firestreak Ventures. The latest investment brings the company’s total funding to nearly $10 million, since its founding in March, 2022.
Wi...
Detect hard coded secrets with new capabilities from Cycode
Thursday, August 10, 2023 by Freeman Lightner
Cycode announced the expansion of its hard-coded secrets detection in cloud-based workplaces, as well as a collaboration with Azure DevOps pipelines to ensure end-to-end supply chain integrity and a new IDE plug-in for seamless integration with VS Code.
Building upon its existing code-to-cloud coverage, Cycode now extends its secrets scanning capabilities to encompas...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Data privacy training kit from CybeReady
Monday, February 6, 2023 by Freeman Lightner
CybeReady published the company’s Data Privacy CISO Toolkit as Data Privacy Week is set to arrive in January. Access to the Data Privacy CISO Toolkit is free of charge and offered to support data privacy training this month.
Data Privacy Week was inaugurated by the National Cybersecurity Alliance (NCA) because of the importance of privacy data. The occasion beg...
Security practices of apps in the Google Play Store
Monday, September 26, 2022 by Brittany Hainzinger
Data removal company Incogni analyzed the top 1,000 paid and unpaid apps available on the Google Play Store to discover the apps’ privacy and security practices.
Key privacy findings:
1 in 2 apps (55.2%) share your data with third parties.
Free apps share, on average, seven times more data points than paid apps.
The worst categ...
Triller calls on US gov to ban TikTok
Tuesday, July 19, 2022 by Freeman Lightner
Triller calls on CFIUS, President Joe Biden, Congress the Department Of Defense to ban TikTok calling it the largest security threat to America today in an open letter by CEO and Chairman of Triller Mahi De Silva.
As the CEO of a global company whose mission is to help creators take control of their destiny in the creator economy, leveraging transformative adaptive t...
Monetary losses from corporate data breaches in the US
Friday, June 17, 2022 by Freeman Lightner
Data breaches in today’s technology-driven world can affect hundreds of millions, if not billions, at once. Companies must ensure that data is adequately protected. However, some of the largest breaches have occurred in the last decade.
But which state in the United States has suffered the most monetary losses as a result of corporate data breaches?
Interest...
Intelligent IoT Network lands from Aeris
Tuesday, February 15, 2022 by Richard Harris
Aeris, the Internet of Things (IoT) solutions provider has announced the next generation of its Intelligent IoT Network, a unique suite of Machine Learning and Artificial Intelligence (AI)-based capabilities that enable superior global IoT connectivity and network performance, increased security performance, and best-in-class IoT network support. The Aeris Intelligent I...
Security compliance predictions for 2022
Tuesday, January 18, 2022 by Freeman Lightner
Edward Tuorinsky is the Managing Principal of DTS, a Service-Disabled Veteran-Owned Small Business, that provides information technology and management consulting services in the areas of program management, governance, strategic planning, organization advancement, business process efficiency, software development, system integration, and learning enhancement solutions....
Data privacy predictions from Ground Labs
Monday, January 17, 2022 by Freeman Lightner
As Ground Labs Co-Founder, Stephen Cavey leads a global team empowering enterprise partners to discover, manage and secure sensitive data across their organizations.
Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events such as PrivSec Global, and his expert analy...
Security analytics platform selects Pulumi Cloud
Monday, January 3, 2022 by Freeman Lightner
Pulumi announced Panther Labs, a security analytics platform company that helps teams detect and respond to breaches at cloud scale, has selected the Pulumi Cloud Engineering Platform to manage and scale its cloud infrastructure. With Pulumi, Panther has been able to speed its deployments by up to 10X, reduce the size of its legacy infrastructure codebase by more than 5...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Christian Hargrave
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
Open source services from Rafay Systems
Tuesday, October 19, 2021 by Christian Hargrave
Rafay Systems announced its plans to open-source its Zero-Trust Access and GitOps services. Developers will be able to take advantage of and contribute to, these battle-tested services that significantly reduce the complexities associated with securing access to and automating the ongoing operations of Kubernetes infrastructure and modern applications. These two service...
SnykCon 2021 event lineup
Friday, September 24, 2021 by Randall Degges
We're only a few weeks away from SnykCon 2021, Snyk's free annual developer conference that helps you learn how to build applications securely running October 5-7. We have a packed agenda full of expert talks, hands-on workshops, helpful demos, product roadmaps, opportunities to interact with some of the smartest speakers and leaders of developer security i...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
Cyvatar raises 9 million for cybersecurity as a service model
Monday, June 21, 2021 by Brittany Hainzinger
Cyvatar announced that it has raised $9 million as part of its Series A financing to help scale and serve its rapidly growing customer base and continue to drive the adoption of its innovative cybersecurity-as-a-service (CSaaS) model.
Cyvatar raises 9 million for cybersecurity as a service model
Escalating cybersecurity breaches and the need to addr...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
NEM Group has launched Symbol
Tuesday, March 16, 2021 by Brittany Hainzinger
NEM Group announced the launch of Symbol, its next-generation Proof-of-Stake+ (PoS+) Public Blockchain. Boasting enterprise-grade programmability and security, Symbol from NEM brings cutting edge technical features which can be leveraged by innovative projects building fintech, healthcare and supply chain products at the heart of the new economy. With the launch co...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
Zero trust framework no longer optional 2021 predictions
Tuesday, January 12, 2021 by Brittany Hainzinger
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regula...
Quantum computing in 2021
Monday, January 11, 2021 by Brittany Hainzinger
Quantum computing is likely to become practical soon, with the capability to break many encryption algorithms. Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic ciphers soon. Big Tech vendors Google and Microsoft will make updates to web browsers, but the server-side is for your organization to review and change. Kick off a Y2 K-li...
Zero trust security will prevail in 2021
Wednesday, January 6, 2021 by Brittany Hainzinger
Zero-trust security (when organizations stop trusting their people and services in an IT environment) will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies s...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
HackNotice announces threat intelligence platform
Friday, September 18, 2020 by Brittany Hainzinger
HackNotice announced the launch of HackNotice Teams, a cybersecurity management platform powered by actionable threat intelligence and an industry solution to foster a company-wide culture of security. Built on HackNotice Premium’s technology, HackNotice Teams scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in ...
GDPR and data security
Friday, September 18, 2020 by Jonathan Weicher
How has the General Data Protection Regulation (GDPR) affected your firm during the past two years? It has been nearly that long since GDPR went into effect across Europe, applicable for any organizations handling the personal information of European citizens. Since that time, it appears to be performing well up to expectations. Firms of all kinds find themse...
Being careful about 3rd party APIs
Monday, August 24, 2020 by Ameya Talwalkar
Over the past couple of years, we’ve seen a marked shift in the nature of API traffic from being largely driven by human actions to be increasingly machine-driven. While it used to take a human to click something on a website to trigger an API call and response, there are now sites and apps where upwards of 98% of total traffic is the result of bots -- some legiti...
New version of Terrascan from Accurics
Thursday, August 20, 2020 by Brittany Hainzinger
Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC). The new release ensures Terraform templates avoid common security pitfalls in popular cloud providers such as AWS, Azure, and Google Cloud Platform. Built-in extensibility will enable support for other popular technol...
3 Steps to manage work-from-home assets as we get back to the office
Friday, April 24, 2020 by Brittany Hainzinger
Just over the horizon for American businesses and government agencies is the return to the traditional office work environment. But what will companies and agencies do with the new laptops and other devices they put into employee homes in order to keep things going during state-imposed stay-at-home orders? The International Association of IT Asset Managers (IAITAM) ...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
2020 Cloud Misconfigurations Report released by DivvyCloud
Wednesday, February 19, 2020 by Brittany Hainzinger
DivvyCloud released its 2020 Cloud Misconfigurations Report, which substantiates the growing trend of data breaches caused by cloud misconfigurations and quantifies their impact on companies and consumers around the world. DivvyCloud research found that nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nea...
Data Privacy Day 2020 is here
Tuesday, January 28, 2020 by Richard Harris
Data Privacy Day is here, and with the recent implementation of the California Consumer Privacy Act, the timing could not be better to discuss the importance of taking steps to protect sensitive data while also keeping personal data private and secure.
Similar to GDPR, CCPA will have a profound impact on data privacy and protection, making this year’s Data Priv...