The telecom industry is continuously evolving as laws governing the industry change, providers join new markets, and the expansion of cellular connections continues to grow. And since the global pandemic of COVID-19, millions of people around the world have relied on the availability of network services to work in addition to keeping in contact with their loved ones.

Third parties are an inevitable and essential part of your business ecosystem. They’re your vendors, partners, and contractors. They improve efficiency, extend your reach, and make it possible to deliver the best possible products and services. From a security perspective, however, they also bring a significant amount of risk. Misconfigurations of a third-party’s cloud can lead to supply chain data breach risks.

Many acquirers perform interview-based due diligence, but adding a software audit can provide an in-depth assessment of software risks in a target’s code. When deciding between an interview-based due diligence or software audit, the short answer is both.

Leadership and teamwork personally and professionally have long been a passion of mine, while we all interpret and digest the concepts differently, I usually find the strongest parallels in team sports. Over the last couple of months there has been no shortage of sport available to watch – tennis, cricket tests, state of origin, rugby (mostly look forward to the seeing the Springboks play) and I guess AFL requires an obligatory mention.

On Wednesday, July 20, 2022, Atlassian released patches to remediate two critical vulnerabilities (CVE-2022-26136 and CVE-2022-26137) that impact how Atlassian products implement Servlet Filters and could lead to unauthenticated authentication bypass, cross-site scripting (XSS), or cross-origin resource sharing (CORS) bypass depending on the filters used by each impacted product.

Over the past couple of months, a new group has emerged named the Atlas Intelligence Group (A.I.G), aka Atlantis Cyber-Army. What makes this group unique compared to all the other groups we’ve seen lately, is its recruitment of cyber-mercenaries to do specific jobs as a part of bigger campaigns known only to the admins. In the early days, the group appeared to be yet another data leakage group.

The Federal Risk and Authorization Management Program (FedRAMP) is a program run by the U.S. federal government to help cloud service providers bid on government contracts. Simply put, FedRAMP helps such providers achieve minimum standards of cybersecurity, so they can sell their cloud service offerings to federal government agencies more efficiently. All cloud service providers (CSPs) must achieve FedRAMP authorization to be able to contract with federal agencies.

When it comes to protecting your business, there is no such thing as being too cautious. In today's increasingly connected world, cyberattacks are becoming more and more common, and the stakes are higher than ever before. That's why many businesses are turning to 24/7 SOC through a managed security services provider (MSSP) to protect their business.

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.

Enterprises are embracing the cloud native paradigm for agility, scalability, composability, and portability. Kubernetes, the open source container orchestration engine, is the foundation of modern, cloud native workloads. AWS customers can leverage managed Kubernetes available in the form of Amazon Elastic Kubernetes Service (EKS) or deploy a cluster based on upstream Kubernetes distribution running in a set of Amazon EC2 instances.