Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting of cybersecurity incidents. Here’s a brief rundown of the recent activity.

Containerization describes the creation of a self-contained computing environment that runs on a host machine and any operating system (OS) with an available container runtime engine. Built from an image, a container holds an app and the filesystem alongside configurations, dependencies, binaries, and other specifications needed to run it successfully. Containers are typically much smaller than virtual machines and run in the host’s OS rather than containing OSs themselves.

In an ever-expanding web landscape, JavaScript is the glue that holds website and web application development together. But eventually, weaknesses, cracks, and gaps are going to appear in the JavaScript code. When this happens, businesses may find themselves at risk of something more dangerous. Understanding JavaScript security in today’s digital landscape, and the issues and problems related to vulnerable JavaScript code, are critical to protecting businesses and client-side interactions.

The modern infrastructure is controlled by the DNS with pointers to both internal and third-party services. As a result, organizations are simultaneously expanding their attack surface and inviting potential cyber threats. Unknown subdomains can be challenging, as they are not always closely monitored.

Microsoft Word, Excel, PowerPoint, and other Office document formats are popular among attackers, who abuse them to infect their victims with ransomware, infostealers, backdoors, and other malware. In this article, we look at the anatomy of a recent Office document attack from the victim’s perspective, highlight the most common types of Office document attacks seen today, and suggest strategies to reduce your risk of becoming the latest victim.

You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect applications that have been deployed to or staged in runtime environments.

Security teams want to accomplish their best work — but they're being prevented from doing so. We recently surveyed 468 full-time security analysts for our 'Voice of the SOC Analyst' report to learn more about their day-to-day workloads, successes, and concerns. What we found was that seven out of ten analysts are either somewhat or very burned out, and that six out of ten analysts want to find a new job in the next year.