On Wednesday, July 20, 2022, Cisco disclosed a critical severity vulnerability – CVE-2022-20857 – impacting Cisco Nexus Dashboard, an integrated dashboard used for visibility and provisioning data center and cloud network infrastructure. If successfully exploited, the vulnerability could allow an unauthenticated, remote threat actor to execute arbitrary commands as the root user in any pod on a node.

On Wednesday, July 20, 2022, Atlassian released patches to remediate two critical vulnerabilities (CVE-2022-26136 and CVE-2022-26137) that impact how Atlassian products implement Servlet Filters and could lead to unauthenticated authentication bypass, cross-site scripting (XSS), or cross-origin resource sharing (CORS) bypass depending on the filters used by each impacted product.

When it comes to protecting your business, there is no such thing as being too cautious. In today's increasingly connected world, cyberattacks are becoming more and more common, and the stakes are higher than ever before. That's why many businesses are turning to 24/7 SOC through a managed security services provider (MSSP) to protect their business.

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.

Control flows are the backbone of automation. Identifying what to do with a set of data – and how – is a key component of high-value automation, but it can also be confusing to wrap your head around at first. What is a conditional? And what does it have to do with a loop? How do you deal with a set of information versus a single data point?

It’s been just over a month since cybersecurity conferences returned in a big way with the comeback of RSA Conference after last year’s hiatus. A lot happened between 2020 and 2022 in the world, our lives, and cybersecurity, including the birth of a little no-code security automation start-up named Torq. RSAC 2022 was a great place to catch up on these changes and look forward to emerging trends and security needs.

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides an analysis of information security incidents, with a specific focus on data breaches. Verizon has been publishing this report on an annual basis since 2008.

Organizations are moving workloads to the cloud to help keep pace with the speed of innovation. However, too often this is done without a proper plan in place to ensure that their security doesn’t fall behind. The potential financial and reputational damage, as well as the risk of lost data from a breach is massive, and that makes proper planning crucial.