Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many high-growth technology startups are pressured to deliver applications to market ahead of fast-moving competitors. It’s all too easy to allow a “we’ll get to that eventually” mentality to creep in when competing priorities appear to force a tradeoff with development velocity. This introduces unnecessary risks, but they can be mitigated by implementing an effective AppSec program that involves the right tools, processes, and mindset.

On 3rd November, Bleeping Computer reported that the BlackMatter Ransomware-as-a-Service group had posted a message alerting users that its operations were ceasing within 48 hours. The message advised affiliates to obtain their decryption keys so that they could continue to extort current victims.

We’ve previously discussed what social engineering attacks are and what you can do to prevent them. Here, we’re going to review the reasons why threat actors persist with these types of attacks and why every single employee is potentially susceptible to a social engineering attack.

ISO 27001 is the most popular internationally recognized standard for managing information security. Its creation was a joint effort between the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC) - this is why the framework is also referred to as ISO/IEC 27001. ISO 27001 can also be implemented into a Third-Party Risk Management program.

Veracode was recently recognized by the Commonwealth Institute and Boston Globe Magazine as a Top 100 Women-Led Business in Massachusetts. The honor, which was awarded to Veracode’s CEO, Sam King, is given to female leaders across multiple industries who are at the helm of Massachusetts’ most noteworthy companies. ​

A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats.

Hackathons vary in sizes and shapes, but ours has typically been a 24-hour sprint, with teams submitting a five-minute video presenting their project. This year was our biggest hackathon yet, with almost 90 teams registering across a multitude of departments including Support, Sales, Product, Technical Writing, and, of course, Engineering! We crowdsource the first-round judging by asking anyone at Rubrik to participate in evaluating projects.