Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Single sign-on (SSO) used to be enough. It’s not anymore.

You’re confident in your development chops—confident enough to know the apps you’ve built aren’t completely free of security and configuration flaws. You’ve also researched the deep ecosystem of scanning tools available and perhaps got overwhelmed by the sheer volume of choice. What’s the right “portfolio” of open-source app security tools to identify vulnerabilities in your dependencies, Infrastructure as Code (IaC) configurations, containers, and more?

With AI finding adoption throughout all stages of the development process, the SDLC as we know it is becoming a thing of the past. Naturally, this has many implications for the field of software testing. This article will discuss how the SDLC has evolved over time, going into detail on the impact that AI adoption is having on both software development and software testing.

With the alarming number of data breaches and vulnerabilities today, security is now a primary concern for organizations and their customers, but knowing how to efficiently develop and scale secure applications is still a problem. Tackling this challenge requires considering the potential security risks of a new feature or service much earlier in the development cycle, an idea that is foundational to the Secure by Design approach.

Over the past month, the Vanta team launched new product capabilities.

As cybersecurity threats become more sophisticated, organizations have to continually find new solutions to resist bad actors. Enter MITRE D3FEND, a framework designed to complement the MITRE ATT&CK framework by focusing on defensive cybersecurity techniques.

The recent cyberattack on Ascension Medical, Change Healthcare and several UK hospitals is a stark reminder of the vulnerabilities within the healthcare sector. The May 8, 2024, attack disrupted access to Electronic Health Records (EHR) for two weeks across Ascension's 140-hospital system, forced some hospitals to divert ambulances and rely on manual record-keeping, and has led to patient class-action lawsuits regarding potential data exposure.

Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a sophisticated understanding of system vulnerabilities and user behaviors. Let’s break down the HTML and the Windows search code to better understand their roles in the attack chain.

Turning off Google Password Manager in Chrome will vary based on the Operating System (OS) you’re using. Here’s how you can turn off Google Password Manager in Chrome on Mac, Windows, iOS and Android.

The Cyber Essentials scheme has started to become a victim of its own success, with some organisations thinking it’s all they need to operate securely. Now I need to start by saying that Cyber Essentials is a great security baseline and I strongly recommend that every single organisation gets Cyber Essentials certification. It provides a valuable framework for establishing fundamental cyber security practices. But is that always enough?