We're pretty fired up about what we've introduced to the product throughout November. We leaned into collaboration last month with an emphasis on the ability to work across teams effectively. If you haven’t already, see the month’s highlights.

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

An organization's database contains intellectual property, information on clients, product development, personal information on its workers, and in many cases, critical information on consumers. Therefore, it not only makes sense to fully understand how an attacker can threaten a database, but how to best defend against such an attack. So, what are those dangers? In no particular order, the most significant threats facing databases today are system, privilege, and credential threats.

APIs provide rapid and scalable applications for banking, payments, and other businesses that require identity verification for AML and KYC compliance. In most countries, some firms are obliged by law to comply with AML and KYC. When such firms authenticate their consumers, APIs may provide a faster, simpler, and less expensive way to comply while fulfilling speed, security, and privacy demands.

In today’s world of remote work, business trips, and home offices, cybercrime doesn’t just occur within the four walls of an office. Bad actors can strike at all hours and utilize any and every vulnerability to gain access to valuable networks and assets — no matter where the device may be or what the user may be using it for. For example, look at the May Cisco breach.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Its been a bad time for Rackspace, or should I say, their customers. All round it seems as the outage was more than just a system fault.

This is the final of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. When thinking of adjectives to describe cyberattackers, it’s doubtful that many people would choose to call them innovative – a term we’re more likely to ascribe to things we enjoy. But the reality is that adversaries are innovative, constantly finding new ways to launch attacks that result in greater rewards for less effort.

OV stands for Organization Validation, and EV stands for Extended Validation. To obtain these certificates, developers, development companies, and publishers have to fulfill a basic set of requirements. This includes furnishing the required documents, including physical address proof, telephone number, and legal documents of company creation. In addition to this, depending on the type of code signing certificate you need, the requirements can change further.

Did you forget your password…again? Wouldn’t it be great if you never had to deal with passwords ever again? Well, we’ve got great news for you! Meet the passkey, a brand-new passwordless technology built on industry standards by the World Wide Web Consortium (W3C) and the FIDO Alliance and backed by Apple, Google and Microsoft. Read on to find out what you need to know about passkeys – and all about how Keeper is planning to support them in 2023.