Breaking News

Crossword Cybersecurity supports techUK's SME Membership with Cyber Essentials certification and access to Rizikon Assurance

Crossword Cybersecurity Plc is today announcing that its online software assurance platform, Rizikon Assurance, is being made freely available to members of UK technology trade association, techUK for a single-use cyber security assessment to support them towards Cyber Essentials certification.

How Lunar shifted security left while building a cloud native bank

At SnykCon 2021, there were a number of insightful talks from companies that were able to build successful AppSec programs. As the Lead Platform Architect at Lunar and a Cloud Native Computing Foundation (CNCF) ambassador, Kasper Nissen’s presentation was no exception. In this post, we’ll recap Nissen’s talk about how his security team at Lunar was able to shift security left while building a cloud native bank.

You Didn't Ask? Well, the SOC Evolution Answered Anyway

Let me begin by stating the obvious: The cyberattack surface is growing exponentially and diversely. Essentially, it’s a bigger shark and we’ve got the same small boat. The environments, platforms, services, regions and time zones that constitute modern enterprise operations and drive digital transformation for business continue to require increasing specialization and expertise beyond current in-house capabilities.

DevSecOps tool examples that will alleviate your workload

Nowhere is this more apparent than in DevSecOps where developers and releases outnumber security experts by thousands to one. It’s simply not feasible for the security teams to manually tackle flagged issues with any kind of accuracy—and have any time left in the day to - you know - eat and sleep!

Application Security in 2022 Misses the Big Picture

I recently ran an unofficial poll on LinkedIn asking how people found every instance of Log4J in their application portfolio. The options I gave were CMDB (Configuration Management Database), SBOM (Software Bill of Materials), SCA (Software Composition Analysis), and internal detective work. The overwhelming majority, 54% to be exact, said internal detective work. These results got me thinking as organizations spend millions of dollars a year on CMDB, SBOM, and SCA technologies.

DevSecOps in an Agile Environment

At first glance, DevSecOps and Agile can seem like different things. In reality, the methodologies often complement each other. Let’s see how. Agile is a methodology that aims to give teams flexibility during software development. DevSecOps is about adding automated security to an existing automated software development process. Both are methodologies that require high levels of communication between different stakeholders and continuous improvement as part of the process.

Key Criteria for Choosing Mobile App Security Solution Vendor

Mobile phone apps are more popular than ever with a rapidly expanding user base each year. They have literally made everything come to the fingertips of the users and there’s a significant demand for mobile apps for just about everything, generating great competition and pressure among app developers around the world.

NFTs - Protecting the investment

This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 million) theft due to a fraudulent NFT scheme.

Threat intelligence outlook 2022: what we can learn from the past year

In this blog post, we discuss the key security issues of the last year and explore what this could mean for 2022. With the continuous exploitation of vulnerabilities which took place in 2021 likely to continue in 2022 and beyond, organisations can benefit from conducting tabletop exercises using some of the scenarios presented below.

CrowdStrike Powers MXDR by Deloitte, Offering Customers Risk Mitigation with Powerful Customized and Managed Security Services

Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in a unified offering of advanced, military-grade threat hunting, detection, response and remediation capabilities.