Rezilion

How Generative AI Can Enhance Software Supply Chain Security

Generative AI is the technology of the moment, and is actually being hyped as providing transformational benefits for years to come, including when it comes to software supply chain security. This subset of AI uses machine learning algorithms to generate new data and content. Given the increasing importance of the software supply chain, it is critical to use every measure possible to secure it. But this is no easy feat—96% of scanned codebases contain open source.

What Can Happen If You Don't Address Software Supply Chain Security Issues?

By now we know that software supply chain security issues are plentiful. And perhaps you’ve (wisely) decided that it’s a good idea to secure your software supply chain… you just haven’t gotten around to dealing with it yet, given other organizational priorities. The more software you use, the more important it becomes to secure it. Software supply chain attacks are increasing, and there are major implications if you don’t secure yours.

Products for Software Supply Chain Security

As CISOs and CSOs craft or broaden their software supply chain security programs, they will be faced with an overwhelming number of tools in a variety of categories. Even with product consolidation, it may be confusing to figure out what they need in their tech stack. It’s no wonder: the software supply chain comprises code, configurations, proprietary and open source components, libraries, plugins, and container dependencies that are mainly derived from third-party providers.

The Cost of a Data Breach Reaches an All-Time High

Like most things in life, the cost of a data breach has gone up, reaching an all-time high of $4.45 million—a 2.3% increase over last year’s cost, according to IBM’s newly released Cost of a Data Breach 2023 report. In the firm’s 2020 report, the average cost was $3.86 million, a 15.3% increase.

How to Help Manage the Risks of Generative AI in the Enterprise

Many organizations are racing to deploy generative artificial intelligence (AI) products, as they look for ways to leverage the hot technology. While generative AI is revolutionizing how people create, interact with, and consume digital content—and the advent of large language models (LLMs) such as Generative Pre-Trained Transformer (GPT) has increased the capabilities of generative AI—the technology also presents security risks for organizations and users.

2022's Most Exploited Vulnerabilities: Insights and Future Preparedness

The cybersecurity landscape is a dynamic battlefield where attackers constantly seek out vulnerabilities to exploit. In this context, the release of the list of top 12 routinely exploited vulnerabilities by CISA in August 2022 provides invaluable insights into the ever-evolving nature of cyber threats. Our new report delves into these vulnerabilities, their historical exploitation, and potential future threats.

Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability Transparency Gap

Starting May 15, 2023, threat actor Storm-0558 illicitly employed forged Azure Access tokens to gain unauthorized access to user emails in around 25 organizations, encompassing government agencies and various consumer accounts hosted on the public cloud.

Rezilion Uncovers High-Risk Vulnerabilities Missing from CISA KEV Catalog, Challenging Current Patching Prioritization Standards

Rezilion announces new report, "CVSS, EPSS, KEV: The New Acronyms - And The Intelligence - You Need For Effective Vulnerability Management," detailing the critical importance of the Exploitability Probability Prediction Score (EPSS) for enhancing patch prioritization and effective vulnerability management.

CVSS + EPSS + KEV: Why You Need All Three to Effectively Manage Vulnerabilities

Security and development teams know that managing vulnerabilities is complex and challenging. The ultimate aim of a vulnerability management program is to minimize the organization’s overall risk exposure by identifying, prioritizing, and resolving vulnerabilities that impact its assets and environment. Attackers frequently exploit known vulnerabilities to gain access to the organization.

Open Source Security Incidents and How Organizations Can Respond

Attacks that leverage vulnerabilities in open source software are on the rise. How security teams respond to these incidents is key to what impact they will ultimately have. Oftentimes the attacks stemming from open source vulnerabilities are unpredictable, making them a big challenge for teams.