Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Freshen up how you build security into the software pipeline. In this article, we’re looking at the seven core principles of DevSecOps: Let’s get started.

IBM have just released their coveted X-Force Threat Intelligence Index 2023 report, tracking new, existing and evolving threat insights, discovered over the last year. This in-depth, 58-page report explores threat actor’s exploitation of the after-effects of a global pandemic, and the turmoil caused by conflict between Russia and Ukraine, as IBM states “creating exactly the kind of chaos in which cybercriminals thrive. And thrive they did.”.

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.

Staying ahead of the cyberattack curve in a constantly evolving world requires a comprehensive strategy. Today's release of the Biden-Harris Administration's National Cybersecurity Strategy provides an extensive roadmap for impacting both public and private security efforts. In this blog post, we’ll take an in-depth look at three of the most software-related strategic objectives: software liability, open-source software usage, and cybersecurity workforce readiness.

Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft... Cryptocurrency wallets.

We recently launched the LimaCharlie Query console which makes the underlying LimaCharlie Query Language (LCQL) more accessible. Users can now easily operationalize the full year of telemetry retained by LimaCharlie, reducing or eliminating the need to send telemetry into 3rd party SIEM-like tools such as Splunk and ELK. It is an exciting new set of capabilities that opens a whole new world of possibilities.

The Australian Cyber and Infrastructure Security Centre (CISC) recently announced that the Critical Infrastructure Risk Management Program (CIRMP) obligation had entered into effect. The Minister for Home Affairs, the Hon Clare O’Neil, signed the CIRMP Rules as the final part (Section 61) of the Security of Critical Infrastructure Act 2018 (SOCI Act) on 17 February 2023, effective immediately.

Nearly 93% of healthcare organizations experienced a data breach in the last three years, and most of these events could have been avoided with basic cybersecurity practices. To help healthcare entities mitigate cybersecurity risks and increase their data breach resilience, we’ve created a comprehensive healthcare cybersecurity guide optimized for the biggest security threats in the industry.

On November 30, 2022, ChatGPT quaked the digital world, sending a tremor that even rattled the cybersecurity industry. Instead of responding in panic, a more sensible approach is to begin learning how to leverage the technology to streamline your workflow and optimize your skills. In this post, we explain how ChatGPT can be used to improve your cybersecurity posture and data breach resilience.

In February 2021, UpGuard researchers discovered that 51% of analyzed Fortune 500 companies were leaking information in the metadata of public documents hosted on their websites. This discovery is a window into a broader overlooked cyber threat category, increasing the risk of data breaches in the tech industry - data leaks. Data leaks (often confused with data breaches) help hackers compress the data breach attack pathway, increasing the speed, severity, and frequency of these events.