Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

A primer on homomorphic encryption

For any company in the IT industry, it is virtually impossible to function unless a lot of personally identifiable information and confidential data flows through servers across deployments every single day. While working with this kind of data, companies need to be watchful about the state of its encryption. This information needs to be encrypted both when it is stored (data at rest) and when it is transmitted (data in transit).

Take Me Down to Funksec Town: Funksec Ransomware DLS Emergence

Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups, with ContFR, Argonauts, Kairos, Chort, and Termite, appearing November 2024 alone. Cyjax has identified the emergence of a Tor-based DLS belonging to a new, self-called “cybercrime group” named ‘Funksec’. This group has claimed 11 victims so far and advertises a free Distributed Denial-of-Service (DDoS) tool.

Seven steps to close coverage gaps with ASPM

The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.

Scale Quickly with a Partner Focused on Growth

Cloud computing is no longer just a choice—it’s a necessity for modern organizations aiming to thrive in today’s business environment. Infrastructure scalability, cost management, and multi-layered security are driving organizations toward cloud solutions. But finding the right partner to guide this transition is often the biggest challenge. High Point Networks, an established IT services provider, successfully tackled this challenge by partnering with 11:11 Systems. The result?

Barak Engel Lightning Interview

Welcome to the third installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.

API Security: 200 is Not Always Okay, and How to Cope with This

While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.