Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

Code Signing Abuse: How to Safeguard Your Certificates?

Code signing certificates are crucial in verifying a software application’s source and assuring users that the code has not been tampered with or maliciously modified. However, like any security measure, code signing is not immune to abuse. Hackers and cybercriminals are constantly finding new ways to exploit vulnerabilities in digital signing processes, making it imperative for developers and organizations to take proactive steps to safeguard their code signing certificates.

Code Signing for Secure DevOps and DevSecOps: Centralized Management and Automation

Today’s fast-paced digital landscape requires quick actions and top-notch safeguarding. Code signing is crucial in providing that security, but teams must approach the process effectively. Unfortunately, managing digital certificates, a vital component of code signing, often becomes complex and error-prone for organizations, leading to potential risks and vulnerabilities.

Elastic Security 8.9: Streamline the analyst experience with GAI and advanced analytics

Elastic 8.9 introduces the generative AI sidekick, enhanced rule tuning, new lateral detection capabilities, and more! These new features provide security practitioners with advanced detection and analytics, easy-to-access information, more ways to customize your security investigations, and additional deployment options.

SkopeAI: AI-powered Data Protection that Mimics the Human Brain

In the modern, cloud-first era, traditional data protection technology approaches struggle to keep up. Data is rapidly growing in volume, variety, and velocity. It is becoming more and more unstructured, and therefore, harder to detect, and consequently, to protect.

Impact of Generative AI on Identity Proofing

Generative AI, the transformative technology causing a stir in the global tech sphere, is akin to an enthralling narrative with its charming allure and consequential dark underbelly. Its most notable impact is forecasted in the realm of identity proofing, creating ripples of change that demand our immediate attention.

Lookout Announces Advanced Traffic Steering Agents to Replace Virtual Private Networks

For more than two decades, virtual private networks (VPNs) have been the go-to technology for enterprise remote access — and by extension, for enforcing remote access security. Even ubiquitous internet connections are often redirected via VPN to a central data center, where security enforcement occurs through various hardware appliances. From there, the traffic is forwarded onward to the internet. Of course, it must follow the same indirect path back on the response side.

Trustwave Partners With Tech Advisory Firm Bridgepointe

Trustwave has achieved supplier status with Bridgepointe, a tech advisory firm that helps mid-market and enterprise companies transform tech investments into unrivaled business results. The Bridgepointe deal connects Trustwave to Bridgepointe’s expansive network to provide Trustwave security consulting, managed detection and response, threat hunting, co-managed SOC, database security, and email security services to their set of clients.

What Is NISPOM?

The National Industrial Security Program (NISP), the authority within the United States for access to classified data by government contractors, has outlined requirements to ensure the continued availability and integrity of classified data and to prevent its unauthorised disclosure. The operating manual (NISPOM) affects all government agencies and commercial contractors who have access to classified data.

How to Be a Bold and Effective Security Leader

Security leaders today are facing a number of challenges, including a rise in the number of breaches, a need to accommodate remote work, and networking requirements to replace MPLS networks. In this new blog post, we share insights about this new reality by David Holmes, Senior Analyst at Forrester, as well as an in-depth explanation about the security stack that can help. You can watch the webinar this blog post is based on here.

Phony Browser Updates Deliver NetSupport Trojan Using Social Engineering Tactics

A new social engineering campaign tracked as “FakeSG” is distributing the NetSupport remote access Trojan (RAT) via phony browser updates, according to researchers at Malwarebytes. The campaign is similar to but distinct from the widespread “SocGholish” campaign, which also uses fake browser updates to deliver NetSupport.