Improving Security Posture at Home: The Other Cyber Battleground

In today’s world of remote work, business trips, and home offices, cybercrime doesn’t just occur within the four walls of an office. Bad actors can strike at all hours and utilize any and every vulnerability to gain access to valuable networks and assets — no matter where the device may be or what the user may be using it for. For example, look at the May Cisco breach.

In Modern AppSec, DevSecOps Demands Cultural Change

This is the final part of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. When thinking of adjectives to describe cyberattackers, it’s doubtful that many people would choose to call them innovative – a term we’re more likely to ascribe to things we enjoy. But the reality is that adversaries are innovative, constantly finding new ways to launch attacks that result in greater rewards for less effort.

What are the requirements to obtain an OV or EV Code Signing Certificate?

OV stands for Organization Validation, and EV stands for Extended Validation. To obtain these certificates, developers, development companies, and publishers have to fulfill a basic set of requirements. This includes furnishing the required documents, including physical address proof, telephone number, and legal documents of company creation. In addition to this, depending on the type of code signing certificate you need, the requirements can change further.

The Future of Passkeys with Keeper Security

Did you forget your password…again? Wouldn’t it be great if you never had to deal with passwords ever again? Well, we’ve got great news for you! Meet the passkey, a brand-new passwordless technology built on industry standards by the World Wide Web Consortium (W3C) and the FIDO Alliance and backed by Apple, Google and Microsoft. Read on to find out what you need to know about passkeys – and all about how Keeper is planning to support them in 2023.

How to Fuzz Java with CI Fuzz CLI

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects; however, tools can be complex to set up and execute. CI Fuzz CLI (open-source) automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

What Is an Incident Response Plan?

An incident response plan assigns responsibilities and lists procedures to follow if an event such as a breach were to occur. Having a plan in place to handle cybersecurity incidents at your business can aid your business in identifying when a cyberattack is taking place, cleaning up the mess that an attack leaves and preventing an attack from happening again. Read on to learn why an incident response plan is needed, incidents that require response plans and more.

How Firstup extends security organizational wide with Datadog and AWS

In this video, learn how Datadog’s integrated solutions can increase visibility and improve collaboration between DevOps and security teams in real time. In this session, you will learn how Chad Upton, Vice President of Infrastructure at Firstup, uses Datadog Cloud Security Management to bring together cloud security and observability to enable their engineers to continuously maintain security and compliance best practices across their AWS assets. You’ll also get the chance to hear from Ray Zaman, Solutions Architect at AWS, on how to easily surface and remediate misconfigurations of your AWS environment with Cloud Security Management.

2022 in Review: 4 Lessons We've Learned from 2022's Largest GitHub Breaches

2022 revealed that security challenges remain for organizations leveraging GitHub. Between supply chain attacks, API key leaks, and other security risks, there are plenty of lessons and takeaways from this year’s GitHub-related headlines. In this post, we’ve rounded up and categorized the year’s largest GitHub stories. Read on to learn more about the types of security risks occurring in GitHub and the lessons you’ll want to take with you into 2023 and beyond.