Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.

At CrowdStrike, we’ve long known how difficult it is to detect attacks that involve stolen credentials. We themed the CrowdStrike 2024 Global Threat Report “the year of stealth” to highlight how attackers are moving away from malware and malicious attachments and toward more subtle and effective methods such as credential phishing, password spraying and social engineering to accomplish their objectives. Source: CrowdStrike 2024 Global Threat Report.

In a world where cybersecurity threats are ever evolving and increasingly sophisticated, businesses of all sizes need robust solutions to protect their networks. However, these solutions have traditionally been costly and complex. WatchGuard is changing that tradition with the launch of its new ThreatSync+ Network Detection and Response (NDR) solution.

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

Whether organizations are looking to prevent data exposure, meet leading compliance standards, or simply earn customer trust, Data Leak Prevention (DLP) policies are effective tools for pinpointing and protecting sensitive data across the cloud and beyond. DLP policies are especially useful in the following top use cases.

This month’s Vanta updates: ‍ ‍

When you hear “cookies,” you may initially think of the delicious chocolate chip ones. However, web cookies function quite differently than their crumbly-baked counterparts. Website cookies are small data chunks, usually saved in a database, that websites transfer onto your computer or mobile device to save data and information about you. They enable sites to identify users and remember helpful information to enhance their experience.

The SWIFT Customer Security Controls Framework (CSCF) is a key global cybersecurity framework that provides recommended and mandatory security controls for banking institutions that use the SWIFT banking system. The framework is designed to help financial institutions improve their cyber resilience and ensure that participants within the SWIFT network adhere to a stringent set of security compliance standards. Find out how UpGuard helps the financial services industry meet compliance standards >

Security misconfigurations can open the door to potential cyberattacks, leading to data breaches, system compromises, and other severe consequences for organizations. In modern IT environments, including cloud infrastructure and other digital platforms, these misconfiguration vulnerabilities are becoming increasingly common and complex. Preventing and addressing security misconfigurations requires a collaborative effort across DevOps, DevSecOps, and security teams.

Before end-to-end (E2E) testing frameworks, the software development industry struggled with fragmented and inefficient testing methods. Testing was manual, labor-intensive, and prone to human error, which limited testing coverage and left many critical issues undetected until later stages of development. This manual approach relied heavily on developers and testers executing test cases by hand, leading to substantial inefficiencies and incomplete test coverage.