Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin and many developers don’t have a background in security.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I don’t know about you, but I’ve always been wary of the risk of QR codes. Yes they are useful, but the risk of visiting a dodgy embedded URL without prompt goes against all we’re told. I’m pretty sure there have been issues in the past, but here is a new example.

It’s estimated that cyber crime will cost businesses as much as $45,000,000,000 by 2025. Each year, small businesses who haven’t put a cyber security plan in place are at the mercy of hackers who are using ever increasingly sophisticated methods to breach their network, compromise their data - and even hold the business to ransom.

Today, having a strong data governance program is critical for many reasons: understanding and minimizing risk to sensitive data, maintaining security and trust, avoiding compliance fines, and empowering knowledge workers to be more effective at their jobs. The trouble is, if you don’t manage scope properly, and instead try to eat the proverbial data governance elephant all in one bite, you are setting yourself up for trouble.

Application security has a broad scope for teams that build and ship cloud native applications. The landscape spans many processes, tools, and team members, and includes anything from automating secure pipelines (hello DevSecOps) to open source security to cloud infrastructure security testing.

Financial crime has become a red-hot topic over the last 12 months, as fraudsters have sought to exploit the monitoring gaps between people, process and technology across an ever-widening attack surface – driven by the growth in usage of remote (digital) channels. Even before its recent growth, the cost of fraud and financial crime was significant.

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.