Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Organizations are increasingly relying on open source software (OSS) to accelerate development and innovation. However, with great power comes great responsibility – and in this case, significant security risks. Enter the curated OSS catalog, a solution that ensures secure-by-default OSS usage. Let’s explore what a curated OSS catalog are and who stands to benefit from them.

In today’s increasingly digital world, cybercrime and online criminal activities pose significant threats to individuals, businesses, and governments alike. One of the most effective strategies in combating these threats is the comprehensive monitoring of criminal forums and platforms.

We’ve written a lot about various security frameworks, from CMMC to ISO 27001, and throughout all of them, one of the core elements is the need to protect CUI. Information that is controlled at a very high – SECRET, Classified, or other – level is tightly bound by specific rules and can only be handled by select individuals. Completely base, public information is freely available and completely uncontrolled. But there’s a lot of information somewhere in the middle.

The outlook of cyber threats in this modern cyber warfare theater has changed a great deal. Annually, 60% businesses drop victims to data breaches and cyber-attacks. Security teams intrinsically find themselves in a scenario whereby they lack visibility and control of the network traffic and are incidentally unable to detect and respond in real-time. To this regard, modern cybersecurity strategies now incorporate network forensics into their arsenal of defenses.

Gartner’s 2024 Hype Cycle for Application Security is making the rounds, and Application Security Posture Management (ASPM) continues to climb up and around the famous curve, from the Peak of Inflated Expectations in 2023 to this year’s slide towards the Trough of Disillusionment. That’s pretty fast movement for a technology that we haven’t yet succeeded in clearly defining!

In a troubling development for cybersecurity, the BlackByte ransomware group has shifted tactics by exploiting a newly discovered authentication bypass vulnerability in VMware ESXi, tracked as CVE-2024-37085. This vulnerability has allowed attackers to compromise critical infrastructure within enterprise networks, highlighting a significant shift in the threat landscape.

The Meduza Stealer, a malware designed for comprehensive data theft, first appeared on dark web forums on June 12, 2023. It was introduced by a mysterious actor known only as 'Meduza,' with prices ranging from $199 to $1199. Since its emergence, it has gained attention across cybercriminal communities for its potent capabilities.

Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization while leveraging AI.

California’s data protection law applies not just to consumers, but to employees. And it’s finally taking effect.