Microsoft misconfigurations expose millions of records globally
Monday, November 18, 2024 by Freeman Lightner
In September 2024, significant data exposure was discovered within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. The exposure, which potentially affected millions of individuals, highlights the risks associated with excessive permissions granted to the platform's "Anonymous" and "Authenticated" user roles....
Emerging features to consider for mobile app development
Wednesday, November 13, 2024 by Richard Harris
In an era where mobile applications are ubiquitous, with a staggering 8.93 million apps vying for attention across various app stores, distinguishing your app from the competition is paramount. While aesthetics undoubtedly play a role in user attraction, it is the functionality and features of an app that truly captivate and retain users. Whether you are embarking on yo...
AI regulations in software development
Tuesday, August 27, 2024 by Richard Harris
AI is rapidly changing the software development field, making clear regulations essential to prevent risks like data breaches and ensure ethical practices. These regulations are also key to reshaping developer roles while preserving the need for human expertise.
AI regulations in software development
The implementation of formal AI policies within companies is cri...
PhishFlagger anti-phishing email solution released
Monday, August 19, 2024 by Austin Harris
PhishFlagger, a human-compatible patented phishing solution, recently announced its new patented anti-phishing email solution. The solution validates emails through a unique identifier protocol, PhishCounter, which adds a sequential number in the subject line that identifies all outgoing and inbound emails. The easily implemented system also allows recipients to identif...
DevOps threats report released from GitProtect io
Monday, August 12, 2024 by Brittany Hainzinger
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities,
and, as a result, data loss are the reality that DevSecOps teams have to face...even every
few days.
The State of DevOps threats report - teams affected every few days
GitProtect.io recently presented its studies on the most severe incidents affecting tools like GitHub...
Geo-Fraud Detection mobile app by Appdome
Friday, August 2, 2024 by Freeman Lightner
Appdome announced it has enhanced its Geo-Fraud Detection service to include two new defenses: Geo-Location Fencing and Geo DeSync Attack Detection. Combined with other Geo-Compliance features available on the Appdome platform, mobile app developers and enterprises can eliminate location-based fraud, ensure geo-compliance and deliver location relevant use...
Rise in cyberattacks is alarming folks
Friday, June 28, 2024 by Freeman Lightner
A recent study has uncovered a startling rise in cyberattacks from 2022 to 2023. Throughout 2023, the United States experienced an alarming 3,205 data breaches, marking a dramatic 78% surge from the 1,801 incidents reported in 2022.
The study conducted by data collection experts SOAX utilized data from the Identity Theft Resource Center on the number of data vi...
Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
Generative AI predictions for 2024 from WinWire
Monday, December 18, 2023 by Richard Harris
As much as it's in the news, AI is by no means a new development. It has been more than three decades since Deep Blue beat Garry Kasparov, the Russian chess champion. It has been over a decade since Watson outperformed several Jeopardy champions.
That was all AI. It's not a sudden arrival. It has evolved and gone through several iterations. AI-powered recomme...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Kubernetes optimizations land from PerfectScale
Wednesday, October 25, 2023 by Richard Harris
PerfectScale announced that they have successfully closed $7.1 million in seed funding, led by Blumberg Capital with participation from Upwest, Prelude Ventures, K2 Access Fund, Inner Loop Capital, Triangle Tweener Fund, and Firestreak Ventures. The latest investment brings the company’s total funding to nearly $10 million, since its founding in March, 2022.
Wi...
Detect hard coded secrets with new capabilities from Cycode
Thursday, August 10, 2023 by Freeman Lightner
Cycode announced the expansion of its hard-coded secrets detection in cloud-based workplaces, as well as a collaboration with Azure DevOps pipelines to ensure end-to-end supply chain integrity and a new IDE plug-in for seamless integration with VS Code.
Building upon its existing code-to-cloud coverage, Cycode now extends its secrets scanning capabilities to encompas...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Data privacy training kit from CybeReady
Monday, February 6, 2023 by Freeman Lightner
CybeReady published the company’s Data Privacy CISO Toolkit as Data Privacy Week is set to arrive in January. Access to the Data Privacy CISO Toolkit is free of charge and offered to support data privacy training this month.
Data Privacy Week was inaugurated by the National Cybersecurity Alliance (NCA) because of the importance of privacy data. The occasion beg...
Security practices of apps in the Google Play Store
Monday, September 26, 2022 by Brittany Hainzinger
Data removal company Incogni analyzed the top 1,000 paid and unpaid apps available on the Google Play Store to discover the apps’ privacy and security practices.
Key privacy findings:
1 in 2 apps (55.2%) share your data with third parties.
Free apps share, on average, seven times more data points than paid apps.
The worst categ...
Triller calls on US gov to ban TikTok
Tuesday, July 19, 2022 by Freeman Lightner
Triller calls on CFIUS, President Joe Biden, Congress the Department Of Defense to ban TikTok calling it the largest security threat to America today in an open letter by CEO and Chairman of Triller Mahi De Silva.
As the CEO of a global company whose mission is to help creators take control of their destiny in the creator economy, leveraging transformative adaptive t...
Monetary losses from corporate data breaches in the US
Friday, June 17, 2022 by Freeman Lightner
Data breaches in today’s technology-driven world can affect hundreds of millions, if not billions, at once. Companies must ensure that data is adequately protected. However, some of the largest breaches have occurred in the last decade.
But which state in the United States has suffered the most monetary losses as a result of corporate data breaches?
Interest...
Intelligent IoT Network lands from Aeris
Tuesday, February 15, 2022 by Richard Harris
Aeris, the Internet of Things (IoT) solutions provider has announced the next generation of its Intelligent IoT Network, a unique suite of Machine Learning and Artificial Intelligence (AI)-based capabilities that enable superior global IoT connectivity and network performance, increased security performance, and best-in-class IoT network support. The Aeris Intelligent I...
Security compliance predictions for 2022
Tuesday, January 18, 2022 by Freeman Lightner
Edward Tuorinsky is the Managing Principal of DTS, a Service-Disabled Veteran-Owned Small Business, that provides information technology and management consulting services in the areas of program management, governance, strategic planning, organization advancement, business process efficiency, software development, system integration, and learning enhancement solutions....
Data privacy predictions from Ground Labs
Monday, January 17, 2022 by Freeman Lightner
As Ground Labs Co-Founder, Stephen Cavey leads a global team empowering enterprise partners to discover, manage and secure sensitive data across their organizations.
Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events such as PrivSec Global, and his expert analy...
Security analytics platform selects Pulumi Cloud
Monday, January 3, 2022 by Freeman Lightner
Pulumi announced Panther Labs, a security analytics platform company that helps teams detect and respond to breaches at cloud scale, has selected the Pulumi Cloud Engineering Platform to manage and scale its cloud infrastructure. With Pulumi, Panther has been able to speed its deployments by up to 10X, reduce the size of its legacy infrastructure codebase by more than 5...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Austin Harris
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
Open source services from Rafay Systems
Tuesday, October 19, 2021 by Austin Harris
Rafay Systems announced its plans to open-source its Zero-Trust Access and GitOps services. Developers will be able to take advantage of and contribute to, these battle-tested services that significantly reduce the complexities associated with securing access to and automating the ongoing operations of Kubernetes infrastructure and modern applications. These two service...
SnykCon 2021 event lineup
Friday, September 24, 2021 by Randall Degges
We're only a few weeks away from SnykCon 2021, Snyk's free annual developer conference that helps you learn how to build applications securely running October 5-7. We have a packed agenda full of expert talks, hands-on workshops, helpful demos, product roadmaps, opportunities to interact with some of the smartest speakers and leaders of developer security i...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
Cyvatar raises 9 million for cybersecurity as a service model
Monday, June 21, 2021 by Brittany Hainzinger
Cyvatar announced that it has raised $9 million as part of its Series A financing to help scale and serve its rapidly growing customer base and continue to drive the adoption of its innovative cybersecurity-as-a-service (CSaaS) model.
Cyvatar raises 9 million for cybersecurity as a service model
Escalating cybersecurity breaches and the need to addr...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
NEM Group has launched Symbol
Tuesday, March 16, 2021 by Brittany Hainzinger
NEM Group announced the launch of Symbol, its next-generation Proof-of-Stake+ (PoS+) Public Blockchain. Boasting enterprise-grade programmability and security, Symbol from NEM brings cutting edge technical features which can be leveraged by innovative projects building fintech, healthcare and supply chain products at the heart of the new economy. With the launch co...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
Zero trust framework no longer optional 2021 predictions
Tuesday, January 12, 2021 by Brittany Hainzinger
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regula...
Quantum computing in 2021
Monday, January 11, 2021 by Brittany Hainzinger
Quantum computing is likely to become practical soon, with the capability to break many encryption algorithms. Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic ciphers soon. Big Tech vendors Google and Microsoft will make updates to web browsers, but the server-side is for your organization to review and change. Kick off a Y2 K-li...
Zero trust security will prevail in 2021
Wednesday, January 6, 2021 by Brittany Hainzinger
Zero-trust security (when organizations stop trusting their people and services in an IT environment) will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies s...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
HackNotice announces threat intelligence platform
Friday, September 18, 2020 by Brittany Hainzinger
HackNotice announced the launch of HackNotice Teams, a cybersecurity management platform powered by actionable threat intelligence and an industry solution to foster a company-wide culture of security. Built on HackNotice Premium’s technology, HackNotice Teams scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in ...
