Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Have you ever built software without encountering a single vulnerability? Unlikely. Vulnerabilities are an unavoidable fact of DevSecOps life, and the stakes are higher than before. Cybercrime expenditures are expected to exceed $9.5 trillion globally. Cyber risk quantification has become the need of the hour, not just for security teams and executives but also for developers.

A lot goes into deciding what to buy during the holiday shopping season – shipping times, sale prices, and finding the perfect gift for your niece (who is impossible to shop for) are likely to be at the top of your mind. Unfortunately, attackers are counting on that. An attacker’s best friend is urgency and Black Friday kicks off a perfect season for them.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Oh look, wondered when this lot would end up in the news again …

Read Post

Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud stemming from a cyberattack on their favorite digital store.

When the title of chief information officer (CIO) first emerged in the early 1980s, it was very different from what it is today. Technology evolution, emerging threats and new realities have shifted the role from simply “keeping the lights on” to strategically “enabling the business” in every way.

In this episode of Trust Issues, host David Puner interviews James Imanian, Senior Director of the U.S. Federal Technology Office at CyberArk. They discuss the critical topic of election security, focusing on the recent 2024 U.S. presidential election. Drawing from his extensive background in cybersecurity including a career in the Navy and a stint at the U.S.

Read also: Bitfinex hacker sentenced to 5 years in prison for the largest crypto heist in history, five Scattered Spider members indicted in the US, and more.

In the early days of cloud security, like in the early days of endpoint, the focus was on prevention. This makes sense: preventative measures are an essential way to reduce risk. Blocking known threats and attack paths makes sense as a way to harden an organization’s cloud estate. For many organizations, a prevention-only strategy in the cloud might seem completely sufficient for reducing risk – and it is to an extent. But prevention alone can only go so far.

Learn how Tanium's innovations and automation capabilities are empowering customers to build confidence and resiliency.

Advanced Persistent Threat (APT) actors have become a significant concern for organizations worldwide, as they pose a substantial threat to sensitive information and critical infrastructure. One such APT actor is the Lazarus Group, also known as Hidden Cobra, which has been active since at least 2009. In this blog, we will delve into the motivation and recent activity of the Lazarus Group, highlighting their tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK techniques they employ.