In December 2022, the FCC opened a call for comment requesting stakeholders provide input on whether E-Rate program funds can be used to support advanced or next-generation firewalls and services, as well as other network security services. For those unfamiliar with the program, E-Rate is a Federal Communications Commission (FCC) program that provides funding to schools and libraries for telecommunications and internet services.

Securing your software requires a mix of automated and manual processes, and threat modeling is a crucial part of the mix. Your organization relies on software to innovate and deliver value to your customers, as well as to work faster and more efficiently. However, if that software is not developed and deployed securely, it can put your business at risk. When software risk is business risk, you must both prioritize it and manage it proactively.

Securing modern-day production systems is complex and requires a variety of measures—from secure coding practices and security testing to network protection and vulnerability scanning. Scaling these solutions to keep pace with the speed of development teams can be difficult, resulting in sprawling workflows and disparate sets of tooling.

We are in early 2023, and we have over 2700 new vulnerabilities registered in CVE. It is still a challenge for developers to endure the fatigue of continually vulnerability prioritization and mitigating new threats. Our findings in the Sysdig 2023 Cloud-Native Security and Container Usage Report provide signs of hope for overburdened developers, as the data showed opportunities to focus remediation efforts on vulnerable packages loaded at runtime.

8220 Gang has been dubbed as a group of low-level script kiddies with an equally disappointing name based on their original use of port 8220 for Command and Control (C2) network communications dating back to 2017. Since an initial Talos report in late 2018, the group has continued to use, learn, and benefit from the efforts of their counterparts in the cryptojacking world.

Privacy is a fundamental human right. Full stop. At Internxt, we believe that what humanity can achieve is extraordinary and that our products should enable society to achieve excellence. Our cloud services should not only empower people but must also respect basic human individual rights. We are working to build a better, safer internet with respect for you, the user, at its core.

The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.

Threat actors today are increasingly targeting the application layer, driving significant challenges for companies using traditional application security strategies. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions. But how?

Keeper Security and TrendCandy Research surveyed over 400 IT and security professionals to explore the common challenges that organizations face with their current Privileged Access Management (PAM) solutions. The results are conclusive. Not only are major components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for.

All cyberattacks that violate the confidentiality, integrity and availability (CIA) of the network and data demonstrate some form of anomalous behavior. The starting point of this behavior may be an unauthorized intrusion into the network and, then, unauthorized use of the resources contained within the network. If you can identify an unauthorized network intrusion attempt, you can maintain the CIA of your data assets and network resources.