Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week on the podcast we cover CISA's freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post from Microsoft on the evolution of an interesting malware campaign.

The top cyber news stories you need to know about right now. Microsoft Security Threat Intelligence is reporting on the Raspberry Robin worm, having infected at least 3000 systems across 1000 organizations at time of this report. First reported by Red Canary in September, Raspberry Robin is spread via USB drive (yes this is still a viable attack vector, and very similar to how Stuxnet initially kicked off). It has very similar technical behavior to the FakeUpdates malvertising campaigns.

Join Veracode and Cybeats as they engage in a discussion breaking down all of the details from creation to strategies around SBOMs.

FORTUNE-recognized data privacy and protection solutions allow financial institutions the tools and security to improve data storage, flows, and protected usage within minutes. Discover how Protegrity Vautless Tokenization works wonders for organizations, and check out our finance-catered data protection solutions today.

What to Expect CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this live stream, our expert Daniel will: All code examples and tools used are open-source.#c/c++ #fuzzing #security #opensource #automotive

Meet our partner experts and learn more about how JFrog's Pyrsia project (the decentralized package network) works hard to secure the #softwaresupplychain! Learn more at https://pyrsia.io/.
#DevOps #DevSecOps

The video describes how to use async inventory reporting for Accounts with multiple organizations and how to filter a report by library name before generation for a project, product, or organization using the Mend UI.

Are you using JetBrains WebStorm? Mend can integrate with your IDE and quickly detect open source artifacts and their known vulnerabilities. Mend also provides all the information you need to fix these artifacts automatically.

We believe compliance should be a team sport. With Workflow Automation, your team can be segmented into “groups”, including DevOps, Engineering, HR, and Legal. TrustOps intelligently delegates tasks, controls, tests, and systems into these groups. Group have owners, who assign each component of your company’s compliance program to the right person within their group.

You can now connect TrustOps to multiple SaaS vendors that you use to run your product and business, and we automatically collect inventory lists from these vendors to satisfy audit requirements. With this new release, TrustOps intelligently creates the following inventory lists for you: Databases in AWS RDS Logs from AWS Cloudwatch Alerts from AWS Cloudwatch Alerts IT assets from Jamf and Duo HR lists from BambooHR and TriNet.