Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VOIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems. Over the last quarter, the group has primarily targeted small and medium businesses (SMBs) located in the United States, with outliers in China and Mexico.

cifuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.

#policies
This video in the series describeshow the Mend Unified agent can be used to check and fail CI/CD pipelines when open source vulnerabilities and licensing risks are detected.

At Amazon, Jeff Bezos was famous for having an empty chair in the meeting room that represented the customer. I admire him for that because as the organization grows, it's easy to have meetings that are so focused on metrics, KPIs, internal execution, etc. that you lose sight of the customer. Here’s how we practice being customer-obsessed at SecurityScorecard: We make sure that we start every meeting by sharing customer insights, such as.

Writing riskless code is challenging, and the cost of deploying vulnerable code can be extremely high. But detecting issues before they hit production can reduce costs and user pain. Both Snyk and Codecov work to help developers catch issues in your codebase before they become problems. Join members from Snyk and Codecov going over everything you need to know to understand how to de-risk code.

16 weeks of preparation in the ConnectWise PitchIT acceleration program comes down to this 5-minute pitch. On August 31st Vonahi presented their solution in front of partners, judges, and the MSP community for the chance to make it to the top 3 finalists. Winning this round gives Vonahi the chance to present vPenTest on center stage at The IT Nation Connect conference in front of +3,000 attendees.

In this video, Bob Gilbert, Netskope’s VP Strategy and Chief Evangelist, presents a live demo of Netskope Endpoint DLP

Tony Loehr, Developer Advocate at CyCode, discusses the strengths of the CyCode platform in the software development life cycle to secure software delivery.

As globalization takes shape and government regulations defy borders, the issue of compliance risk remains a top-level business issue. Growing concerns over consumer privacy and data security have prompted a rush of legislation intended at holding corporations more accountable for maintaining and sharing the information they collect about consumers.

JavaScript is widely used in both backend and frontend applications. Crashes that cause downtime or other security issues are very common in nodejs packages. Our goal with Jazzer.js is to make it easy for developers to find such edge cases. In this webinar, Norbert will show you how to secure JavaScript applications using our open-source fuzzer Jazzer.js.