Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies.

As the digital landscape continues to evolve, new cyber threats continue to emerge. It’s imperative to have safeguards in place early on in the product development process. That’s where Secure by Design comes in.

The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as "digital arrests." In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike.

As your business grows, there are new demands of the security team, like adding additional compliance frameworks, more security questionnaires, or new, advanced requirements from large enterprise customers. ‍ While this growth is exciting, it also comes with growing pains — like outgrowing your existing security processes.

Trustwave today added Threat Intelligence as a Service (TIaaS) to its offensive security portfolio to help organizations better understand the threats they face and provide detailed knowledge and mitigations of their security weaknesses. Trustwave TIaaS provides organizations with timely, contextualized, and prioritized threat intelligence based on factors relevant to their operations, enabling them to make risk-based and threat-informed decisions which benefit their organizations.

CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.

In the automotive industry’s fast lane, the fusion of digital innovation with vehicular engineering has revolutionized how we manufacture, drive and protect our vehicles. It also helps to ensure our cars are safeguarded against cyber risks. And it’s at this juncture that identity security emerges as a critical priority – serving as both a shield and a guide, leading the industry through the complexities of cybersecurity in automotive challenges with unmatched precision.

Spoofing attacks are a common cyber attack that tricks people into revealing their login credentials by pretending to be a legitimate business website. Password managers, like Keeper Password Manager, have an autofill feature that can help protect against this type of attack. If you land on a spoofed website, Keeper’s autofill feature, KeeperFill®, will not fill in your login credentials if the URL stored in your password vault does not match the website you’re on.

In recent years, the popularity of Kubernetes deployments has surged—as has the prevalence of security risks associated with the technology. Red Hat’s State of Kubernetes Security for 2023 reveals that 67 percent of organizations have encountered delays in application deployments due to Kubernetes-related security issues. Additionally, 37 percent have experienced significant revenue or customer losses stemming from Kubernetes security incidents.