“Science and technology revolutionize our lives, but memory, tradition, and myth frame our response.” – Author Arthur M. Schlesinger Urban myths rely on their communities of origin to thrive and survive.

With the onset of the ongoing COVID 19 pandemic, cybercriminals started looking for opportunities to threaten the already suffering businesses through malware, ransomware, and social engineering attacks. Amidst this public health crisis, a new remote working culture evolved as remotely connected workplaces had to adapt rapidly to a greater digital threat emerging online.

Endpoint security is at the forefront of digital transformation due to the very nature of needing to protect devices outside the company’s network perimeter. This started with traditional devices such as laptops and desktops. Endpoint security then quickly expanded to include mobile security, for smartphones and tablets. And, as more data moved to the cloud endpoint security came to include servers and containers, both inside and outside of the network perimeter.

We here at WhiteSource often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to this question is a resounding and absolute yes! At WhiteSource, we believe in practicing what we preach.

Whether you’re just starting to understand basic Rego language concepts or want to brush up on structuring policy-as-code rules, Styra Academy’s “OPA Policy Authoring” course lays out the fundamentals you need to know to get started. Before we dive in, let’s get a better understanding of Open Policy Agent (OPA) and some common use cases. OPA is an open source, general purpose policy engine for cloud native environments.

In today’s highly regulated digital businesses a frictionless, and secure identity verification has become a mandate. The traditional onboarding process for new clients can be time-consuming, error prone, labor-intensive, manual process involving multiple departments within the institution. This can lead to frustrating delays for customers and can put a strain on the business relationship.

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A supply chain infection that could have had far reaching impact had it filtered to deployed builds. This time, instead of package dependency infection, they went for the core….

It’s official! Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Snyk Container helps you find and fix vulnerabilities in your container images, and now it integrates with Harbor as a container registry, enabling you to import your projects and monitor your containers for vulnerabilities. Snyk tests the projects you’ve imported for any known security vulnerabilities found, testing at a frequency you control.

CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to urgently conduct the scans following widespread exploitation of vulnerabilities, in fear that some compromises may have remained undetected.