South Korean IT Firm Conspired With North Korean Hackers, Stole $2.5M Via Ransomware
Read also: Nigeria dismantles cybercrime recruiting and mentoring hub, two Russians charged over JFK taxi dispatch hack, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Rego for beginners: Introduction to Rego
This blog post series offers a gentle introduction to Rego, the policy language from the creators of the Open Policy Agent (OPA) engine. If you’re a beginner and want to get started with writing Rego policy as code, you’re in the right place. In this three-part series, we’ll go over the following.
What does Biden's Executive Order on AI safety measures mean for businesses?
On October 30, U.S. President Joseph Biden issued a sweeping Executive Order (“EO”) focused on making AI safer and more accountable.
SAST vs. DAST for Security Testing: Unveiling the Differences
Application Security Testing (AST) encompasses various tools, processes, and approaches to scanning applications to uncover potential security issues. Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are popularly used security testing approaches that follow different methodologies of scanning application codes across different stages of a software development lifecycle.
Cisco IOS XE Privilege Escalation (CVE-2023-20198) - Cato's analysis and mitigation
All secured webservers are alike; each vulnerable webserver running on a network appliance is vulnerable in its own way. On October 16th 2023 Cisco published a security advisory detailing an actively exploited vulnerability (CVE-2023-20198) in its IOS XE operating system with a 10 CVSS score, allowing for unauthenticated privilege escalation and subsequent full administrative access (level 15 in Cisco terminology) to the vulnerable device.
CISO Panel Discussion on Application Security
In this CISO panel discussion, join Kiran Belsekar, EVP – CISO & IT governance, Aegon Life, Manoj Srivastava, CISO, Future Generali and Ashish Tandon, Founder and CEO, Indusface. They cover a variety of topics including: Top challenges facing the office of the CISO Alert fatigue and steps to reduce it Top threat vectors faced by the insurance industry in India The rising threat of LLMs API security and best practices to secure APIs Fighting the perception battle and positioning security teams as business enablers Cutting through vendor noise and picking the right tech stack.
Get More Out of Mend.io with Repository Integrations
How do you build a successful AppSec program? Today, we’re focusing on an area where we have great evidence for a specific best practice – Repository Integration. Choosing where to deploy SCA scans can have a major impact on the success of your AppSec program. You can boost the value of Mend SCA by scanning in your repositories, and we want to show you how!
Mend.io Customer Success Story - WTW
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.
Bring Your GRC to New Heights: 3 Metrics Every Security Team Should Track
Leading a security team can sometimes feel like you’re being asked to climb a mountain—without any equipment. There’s a lot on the line. You’re trying to stay on the right path, avoid obstacles, and report back your progress to someone who doesn’t even understand what mountain range you’re in. In other words, it’s a climb filled with frustrations and obstacles. We're here to equip you with the tools you need to conquer this security peak.
Are Managed SASE Offerings the Wave of the Future? A Roundtable Discussion with GSI's & SP's
Organizations quickly adapted when they needed to suddenly support hybrid and remote workforces, often in inefficient and unsustainable ways. New technologies and new managed services can now help companies realize the full potential of SASE. In this roundtable discussion, you'll hear leading System Integrators and Service Providers talk about their clients’ top challenges and use cases, how that’s changed over the past three years, and where they see networking and security evolving over the coming years.