Rezilion

What to Know About the CISA Software Bill of Materials Sharing Lifecycle Phases

As Software Bill of Materials (SBOM) adoption efforts mature, a report recently released by the Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to users in selecting suitable SBOM sharing platforms based on the amount of time, resources, subject-matter expertise, effort, and access to tooling available to them to implement a phase of the SBOM sharing lifecycle. The lifecycle has three phases: discovery, access, and transport.

Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability

According to Fortinet, 110 vulnerabilities affecting Fortinet software have been announced since the beginning of 2023. On June 8th, security fixes were released in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. Interestingly, no specific reference to a CVE patch was provided, raising questions about the nature and extent of the new version release’s purpose.

Rezilion Launches Breakthrough Agentless Runtime Monitoring Solution for Vulnerability Management

Rezilion announces the release of its Agentless Runtime Monitoring solution. This new capability lets users connect to and access Rezilion's full feature set across multiple cloud platforms. It enables security teams to monitor the exploitable attack surface at runtime without deploying an agent, minimizing security and operational risk at the same time.

The Biggest Risks to the Software Supply Chain

Software supply chain risk is an increasingly hot topic because attention to the supply chain has grown in recent years. Its importance has naturally attracted the attention of hackers, so protecting the software supply chain is paramount. A 2023 software supply chain study found that organizations recognize, and have been impacted by, software supply chain security threats.

Which Critical Vulnerabilities Discovered in 2023 Can Do Serious Damage? Read Our Report

Software vulnerabilities are among the biggest security risks organizations face today, and several critical vulnerabilities have already been revealed in 2023. Software bugs plague enterprises and small organizations alike and wreak havoc on entire supply chains. What’s worse, new bugs emerge on a regular basis, forcing security leaders and teams to scramble for solutions to avoid data breaches and other incidents.

CVE-2023-34362 - MOVEit Transfer Zero-Day SQL Injection Vulnerability Actively Exploited in the Wild

Progress Software has recently (May 31st, 2023) released a security advisory regarding a critical zero-day vulnerability affecting ALL VERSIONS of the company’s MOVEit product, which is being actively exploited in the wild in order to exfiltrate data from targeted environments. The vulnerability has already been added to the CISA KEV (Known Exploited Vulnerabilities) catalog.

The Cyber Resilience Imperative for Software Supply Chain Security

The concepts of cyber resilience and software supply chain security go hand in hand. It’s heartening that many organizations now recognize that the cybersecurity landscape continues to evolve and grow more sophisticated, and are taking steps to improve their security posture. However, not enough are working on becoming cyber resilient, especially when it comes to software supply chain security.

Rezilion Releases New Smart Fix Capability, Delivering Intelligent Guidance for Patching

Rezilion announces the release of its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components.

The Conflict Between Operational Risk and Security Risk

Let’s talk about operational risk and security risk. In the dynamic world of software development, a persistent tension exists between developers and security professionals when it comes to managing operational risk and security risk. Developers prioritize avoiding code disruptions, leading them to implement measures like version locking and reluctance to patch.