CSO wish list for Developers
The four things the CSO of today's modern organization wishes their Developers did more of and how to do them.
Safeguarding Justice
In an era dominated by digital advancements, the legal landscape is not exempt from the pervasive threat of cyberattacks. Law firms, entrusted with sensitive and confidential client information, must prioritize cybersecurity to safeguard both their clients and their own reputation. The consequences of a security breach can be severe, ranging from financial losses to irreparable damage to the firm’s integrity.
Code Signing with Azure Key Vault: Create a Key Vault, Generate CSR and Import Certificate
In today’s digital landscape, where data security is paramount, protecting your private keys, generating certificates, and managing secure connections is crucial. Microsoft Azure KeyVault offers a robust and reliable solution for handling these critical security aspects. Follow the Video to Manage your Keys and Code Signing Certificates on Microsoft Azure KeyVault. You can Buy Code Signing Certificates for Azure Key Vault to Digitally Sign your Executables and Packages.
WEBINAR MOMENT: Do Not Push This To Production
A fun moment from GitGuardian's Ethical Hacking Webinar with Snyk's Sonya Moisset. Sonya finds code that shouldn't have been pushed to production.
Phishing-Resistant MFA Will Not Stop Phishing Attacks
You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder. When the world was touting “MFA,” we were shouting “PHISHING-RESISTANT MFA” even louder, including here: Today, many of the world’s leading cybersecurity voices, including CISA, Microsoft and Google are pushing phishing-resistant MFA. Here is CISA’s take on it.
Assessing Third-Party Vendors: A Cybersecurity Checklist
The reliance on third-party vendors for diverse services has become a norm in 2023. However, this dependence brings with it the need for a heightened focus on the cybersecurity posture of these external partners. It’s imperative for businesses to meticulously assess the cybersecurity risks and compliance levels of their vendors to safeguard against potential vulnerabilities that could impact their operations.
Founder Of Crypto Exchange Bitzlato That Laundered Over $700M In Illegal Proceeds Pleads Guilty
Read also: TrickBot dev faces up to 35 years in prison, Platypus hackers walk free in France, and more.
How Malicious Insiders Use Known Vulnerabilities Against Their Organizations
We are well aware of the devastating effect insiders can have when using their legitimate access and knowledge to target their own organization. These incidents can result in significant monetary and reputational damages. Entities small and large, across all sectors, can fall victim to insider threats.
WEBINAR MOMENT: Trying a Directory Traversal Hack
A clip from GitGuardian's webinar on Ethical Hacking. Special guest, Snyk's Sonya Moisset, uses a directory traversal hack to get much deeper into the app's source code than should ever be allowed.
PCI 4.0: Your Next Audit May Take Longer, But it's for a Good Cause
2024 is almost here, and that means PCI DSS 4.0 will soon go into effect. The newest version will have some mandatory controls on March 31, 2024, for those who store, process, or transmit card payment data. While its predecessor weighed in at 190 pages, PCI DSS 4.0 is 486 pages and includes 63 new security controls.