Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Employee theft isn’t just a financial issue; it can erode trust and damage company morale. These employee theft statistics highlight the prevalence of workplace theft across key categories including data theft, time theft, fraud and embezzlement, insider threats, and retail theft.

On April 15th, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum disclosed that PuTTY had a vulnerability that can allow an attacker to compromise private keys, then forge signatures, and log into any remote servers on which those keys are used. PuTTY is a free and open-source terminal emulator, serial console and network file transfer application that supports several network protocols, including SCP, SSH, Telnet, rlogin, serial port and raw socket connections.

Security questionnaires represent the cornerstone of most third-party risk management (TPRM) programs. They allow organizations to responsibly appraise a vendor's security posture before they move forward with onboarding and grant the vendor access to internal systems and data. Nevertheless, most security teams feel burdened by time-consuming and lengthy security questionnaires, especially when faced with additional resource and staffing limitations.

Phishing isn’t what it used to be. Older, popular scams — like grammatically incorrect love letters and mysterious princes who just need a little money — have given way to sophisticated and dangerous social engineering attacks. In fact, phishing has become so prevalent and effective that it is one of the three primary ways hackers compromise credentials.

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect against cyber threats, while penetration testing is a specific activity where security teams test system vulnerabilities. At its essence, Offensive Security isn't just about reacting to vulnerabilities; it's about actively hunting down and neutralizing potential threats before they wreak havoc.

Software Composition Analysis (SCA) tools have been around since 2002, and they are now more critical than ever for identifying vulnerabilities in your codebase's libraries, frameworks, and third-party components. According to a Capterra report, 61% of businesses have been affected by a supply chain threat in the last year. If you’re one of the lucky 39%, Capterra suggests it really came down to luck - as nearly all companies use at least one third-party vendor.

In the famous book “Code Complete,” published by Microsoft Press, author Steve McConnel emphasized the importance of writing code for people first and computers second for better code readability. This was in 1993, when cyber attacks were practically non-existent. Fast forward to 2023, we have a greater challenge: writing code for tackling hackers first and users second.  This challenge is compounded by the rise of cybersecurity incidents due to security vulnerabilities in code.

The OWASP Top 10 list is the go-to resource to begin understand application security risk for software developers and information security professionals. Most of us don't know we're harboring vulnerabilities in plain sight. During 2020 and 2021, there were an average of 15 vulnerabilities per site, and two out of these fifteen vulnerabilities were of high severity. ‍To protect against vulnerabilities, you first need to be aware of them. That’s where the OWASP Top 10 list comes in handy.

We’re excited to share that Business Intelligence Group has once again recognized WatchGuard Technologies for outstanding customer service, as WatchGuard claimed three award wins in the 2024 Excellence in Customer Service Awards! The annual awards program celebrates the top companies, executives, and products that are leading the way in supporting their customers and developing the tools to help others find success. WatchGuard’s 2024 award winners include.