Believe it or not, the Financial Services industry has one of the slowest vulnerability remediation rates, with a median of 426 days. “Financial regulators can no longer rely on static, point-in-time assessments to understand the cybersecurity risks posed to the financial system,” said Sachin Bansal, SecurityScorecard’s Chief Business and Legal Officer, in a recent BusinessWire article. “Continuous monitoring tools must be a part of every regulator's toolbox.”

“Shifting Left” has long been thought of as a silver bullet of sorts for security. Conducting security testing earlier in the development cycle to catch vulnerabilities in staging rather than production environments is certainly worthwhile and can significantly lower an organization’s risk profile.

In software testing, negative testing refers to the practice of feeding a system with unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess if the application does what it's supposed to do, given input values such as "1", "2" or "99".

Pro-Russian threat actor group Killnet claims to have launched DDoS attacks against Starlink and the United States’ government website whitehouse.gov. Starlink is a satellite internet service company operated by SpaceX. In 2019, SpaceX began launching Starlink satellites, and as of September 2022 is reported to have launched more than 3,000 satellites into low-Earth orbit (LEO).

IT environments in businesses are often volatile. The value of hardware might depreciate over time. There is constant evolution in the world of software. Existing configurations go through a variety of transitions. While some of these updates are permitted since they are part of the organization's regular patching cycle, others raise red flags because they appear out of nowhere.

Environments like GitHub present data exposure risk in the form of secrets leakage and sensitive PII leaking from repositories. Read this online guide, for free, to learn about the problem of secrets exposure and leakage in GitHub, as well as how to easily implement secrets detection and scanning to prevent this risk.

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies.

My colleague, 1Password Senior Security Specialist (and all round stand-up guy) Chris Butler, and I recently chatted about a trend that’s emerged over the past few years: attempts to capitalize on cybersecurity incidents through self-promotion.