The not-so-distant memories of security events like Log4Shell and the SolarWinds attack keep software supply chain attacks front of mind for developers. There are things organizations can do to detect and deter malicious supply chain attacks, including the recently mandated (as per the U.S. federal government) software bill of materials (SBOM).

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted.

On March 2nd, 2023, the Biden-Harris Administration released a fact sheet announcing the National Cybersecurity Strategy, which outlines their vision for securing the nation's digital infrastructure and ensuring the safety of American citizens online. This strategy addresses the growing number of cyber threats facing the United States, including ransomware attacks, supply chain vulnerabilities, and state-sponsored hacking.

The boom of assets in cyberspace has brought companies into the folds of the cyber world. This growth, however, has come with its own set of flaws and vulnerabilities. The management of these vulnerabilities can be a tedious task. Services provided by vulnerability management companies thus become invaluable. This article will detail the top 11 vulnerability management companies, their importance, and their top features.

The vulnerability allows an attacker to extract the full ECDSA private key from BitGo Ethereum TSS wallets using a single signature and a few seconds of computation, bypassing all of BitGo security features.

Synopsys has struck gold in not one but THREE categories at the 2023 Cybersecurity Excellence Awards. The Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation, and leadership in information security. We are thrilled to have been awarded the top recognition in these categories.

Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?

We know that most security teams today handle a backlog of thousands of vulnerabilities. We also know that not all of these vulnerabilities pose a significant risk to your organization, whether or not they have a high severity score or are present on a business-critical asset. We’ve spoken with dozens of security teams over the last few months and have learned that filtering vulnerabilities across several factors is critical to accelerating remediation.

Listed as #4 on the OWASP Top 10 list, insecure design is a new category added in 2021 and is related to design and architectural flaws in web apps. Insecure design is a new category in the OWASP Top 10 in 2021. Listed at #4, it is a broad category related to critical design and architectural flaws in web applications that hackers can exploit. Insecure designs can’t be fixed by a perfect implementation. They require security controls to mitigate the threats.