We love open-source software (OSS). Not only does it save time and effort, but it’s also incredibly rewarding to collaborate with other developers on major projects. Plus, it opens the door for innovation that otherwise wouldn’t be possible at this scale. However, with code comes responsibility, and so it’s imperative to understand the risk OSS libraries carry when we’re integrating them into projects.
Going into 2023, phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The 2022 Verizon Data Breach Investigations Report states that 75% of last year’s social engineering attacks in North America involved phishing, over 33 million accounts were phished last year alone, and phishing accounted for 41% of social engineering compromise overall.
If you’re a CISO, VP of Security, or a Staff Security Engineer and still wondering whether your developers own the keys to application security, this Forrester report is for you. Get your complimentary copy now, courtesy of GitGuardian.
Over the last few years, there has been a huge adoption of containers. Actually, container technologies have existed for a while, but in 2013, the launch of Docker gave popularity to containers. Docker shows organisations how they can go for container-first development and operations mode. But along with the increase in the use of containers or growth of containers, the risks associated with them also increased.
Two years ago, Kovrr took a unique approach to cyber risk modeling of financial quantification (FQ) and expanded to the enterprise market. After a long time of quantifying risks of portfolios for global insurers and reinsurers, Kovrr was able to build expertise around quantifying risk with specific expertise in acquiring high-quality data to feed our models and fast time to value using automation.
An analysis of the way in which symlinks are handled by Google’s Chrome browser and other web browsers that use the Chromium web browser project revealed a vulnerability that can result in the theft of sensitive data including crypto wallets and cloud provider credentials. It is dubbed CVE-2022-3656. The issue was partially fixed in Chrome 107 and fully redressed in Chrome 108.
Cyber security has been and will continue to be a more critical issue than ever. As technology becomes more complex, more advanced, and more user-friendly, it becomes more vulnerable. We can blame that on a few factors, but one such factor is the human element. Humans are the weakest link in any structure, and that’s no secret.
Slack is a very popular corporate messaging app with 20 million daily active users. They recently announced suffering from a data breach on their code repository on Github. Ever since layoff has become a trend or a harsh reality, the world of cybercrime has become proactive as a company experiencing a layoff may have less resources to devote to cybersecurity, making it a more vulnerable target for cybercriminals.
Whether or not you believe in omens and superstition , Friday the 13th is a day of infamy. To celebrate—if that’s a thing—let’s look at some creepy cyber incidents that will have your skin crawling in good old Friday the 13th fashion.
