Nucleus Security Partners with SecurityScorecard to Enhance Unified Risk Analysis and Compliance Reporting
Customers can now ingest scorecard data directly into their Nucleus Security projects.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
%term
A primer on homomorphic encryption
For any company in the IT industry, it is virtually impossible to function unless a lot of personally identifiable information and confidential data flows through servers across deployments every single day. While working with this kind of data, companies need to be watchful about the state of its encryption. This information needs to be encrypted both when it is stored (data at rest) and when it is transmitted (data in transit).
Take Me Down to Funksec Town: Funksec Ransomware DLS Emergence
Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups, with ContFR, Argonauts, Kairos, Chort, and Termite, appearing November 2024 alone. Cyjax has identified the emergence of a Tor-based DLS belonging to a new, self-called “cybercrime group” named ‘Funksec’. This group has claimed 11 victims so far and advertises a free Distributed Denial-of-Service (DDoS) tool.
Seven steps to close coverage gaps with ASPM
The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.
2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps
Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.
Scale Quickly with a Partner Focused on Growth
Cloud computing is no longer just a choice—it’s a necessity for modern organizations aiming to thrive in today’s business environment. Infrastructure scalability, cost management, and multi-layered security are driving organizations toward cloud solutions. But finding the right partner to guide this transition is often the biggest challenge. High Point Networks, an established IT services provider, successfully tackled this challenge by partnering with 11:11 Systems. The result?
Trustwave Launches Two New Microsoft Security Accelerators
Trustwave has launched two additional Microsoft Security accelerators designed to quickly increase an organization’s security maturity and identify potential cost-saving initiatives. The new accelerators are focused on Microsoft Purview and Microsoft Entra ID.
QR Code Scams: The New Frontier of Cyber Attacks
QR codes are being weaponised to bridge the digital and physical realms. Learn how criminals are exploiting this overlooked threat in everyday scenarios.
Barak Engel Lightning Interview
Welcome to the third installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.
API Security: 200 is Not Always Okay, and How to Cope with This
While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.