Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The number of tools organizations use is growing everyday. According to Zylo 2023 SaaS Management Index Report, the average organization has 291 SaaS applications in their tech stack — a number which only increases as your organization grows. The more tools that are added to your tech stack, the more third-party risk your business incurs. These risks could result in threats like data theft, service outages, or loss of revenue and customer trust. ‍

If, as the saying goes, two’s company and three’s a crowd, then, as of today, consider our Disaster Recovery trophy case standing room only. The unfortunate reality of today’s cybersecurity landscape is this: It’s not a matter of when, but if, your organization’s defenses will be tested. Success in these tense moments, when your adrenaline is pumping and time and attention are at a premium, requires more than just the right technology.

On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as CVE-2024-22195, this cross-site scripting (XSS) vulnerability has raised concerns due to its impact on numerous projects. Jinja2 boasts over 33 million weekly downloads, nearly 10,000 GitHub stars, and over 90,000 dependent projects. The vulnerability affects all versions prior to 3.1.3, with the patched version 3.1.3 being the only safe option.

Transforming what we learned in 2023 to new learning in 2024 will be an exciting and fulfilling journey. In 2023, we saw a huge surge in the use of AI, including cyberattacks utilizing AI and machine learning. We are also seeing an increased awareness in the need for application security posture management (ASPM). Snyk has also launched its own ASPM solution — Snyk AppRisk — designed to help AppSec teams implement, manage, and scale their security programs.

Cybersecurity compliance frameworks serve two functions: (1) they voluntarily provide a roadmap for organizations to follow to create robust, sustainable cybersecurity programs and (2) they mandatorily serve as legal or regulatory obligations to which organizations must demonstrate adherence. The ultimate intent of cybersecurity frameworks, regardless of their underlying function, is to reduce cybersecurity risk.

Egress Software is a cybersecurity firm specializing in digital communications. They analyze security risks within emails, messaging, documents, file-sharing gateways, and more. In their line of work, humans are the most significant cybersecurity risk to any organization.

Trustwave Government Solutions (TGS) is proud to announce its designation as “In Process Program Management Office (PMO) Review" by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. TGS expects to receive full authorization in early 2024.

Using AI-based content detection, Egnyte has demonstrated the ability to detect and classify millions of documents for our customers over several years. Egnyte customers can locate files containing sensitive information, write safeguard policies to control how they are shared, and write file lifecycle management policies to automate retention, archival, and deletion.

A botnet is a network of infected devices known as bots, which are controlled by a single attacking party known as a bot herder. Botnets are made up of Internet of Things (IoT) devices such as computers, mobile devices, network routers and smart TVs. Botnets are used to carry out time-consuming cyber activities such as managing online chatrooms or tracking internal data. However, cybercriminals can use botnets for malicious purposes such as launching large-scale cyber attacks and stealing sensitive data.

Veracode is pleased to announce the availability of a new Integrated Development Environment (IDE) Plugin for VS Code. Our new plugin combines both Veracode Static Analysis (SAST) and Software Composition Analysis (SCA) into a single plugin. This allows developers to quickly scan projects for security weaknesses and risks in both first-party code and third-party libraries.