Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it once annually, likely as part of a compliance program. It is not enough We know from customer data collected, involving many tens of millions of records, over 10 years, that the more frequently an organization does training and simulated phishing, the better able their staff is able to spot phishing attacks.

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years. I cover a ton of reports from cybersecurity vendors on our blog, but when you see a network infrastructure vendor put out a report with intent on just covering the challenges organizations are facing and they have some interesting data on cybersecurity, it got my attention.

We're sometimes asked, "Can you run Bash or Python scripts natively in Tines?" and today, we're sharing the answer, and weighing in on the debate between full-code, low-code and no-code automation. The short answer is yes, you can run scripts and linux commands natively in Tines, however, you might not necessarily want to. Many of our customers avoid doing so for security, usability and performance reasons. Let's take a closer look at some of these potential pitfalls.

In today's financial landscape, businesses are interconnected, and outsourcing and partnerships are necessary—meaning managing risks associated with third-party vendors is pivotal. Whether you're a small community bank or a multinational financial conglomerate, mastering third-party risk management is vital to safeguarding your institution against the vulnerabilities that third parties can introduce.

QR code phishing, most commonly referred to as “quishing,” is a type of phishing attack that tricks users into scanning QR codes to steal personal information such as login credentials or credit card numbers. When a user scans a QR code created for a quishing attack, they are taken to a malicious website that either downloads malware on their phone or asks for their personal information.

This week’s data breaches contained significant impact figures from around the world. Malware on a vendor’s computer inadvertently breached Japan’s Line Messenger. New York’s East River Medical Imaging suffered the loss of employee and patient record information. The Pan-American Life Insurance Group faces a 105k record data breach through MOVEit.

Cybersecurity breaches are at epidemic proportions; in the last two years, cybercriminals have stolen over 2.6 billion consumer records from thousands of organizations. The breaches target more than individuals—they target data from healthcare networks, academic institutions, small businesses, and governments. The attacks come at a destructive cost. Where criminals use personal information for extortion, and the trust of the public is ever-decreasing.

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

CrowdStrike’s cloud security team discovered a new vulnerability (CVE-2023-29082) in Flexera’s FlexNet Inventory Agent. When exploited, an attacker can escape from a container and gain root access to the host. Exploitation of CVE-2023-29082 can allow an attacker to perform a variety of actions on objectives, including execution of malware and exfiltration of data.

Developing applications and working within the software supply chain requires hard skills such as coding and proficiency in programming languages. However, protecting the software supply chain also requires some softer skills and an openness to strategies and tools that will strengthen your security posture. In this two-part series, we will discuss these considerations and how they support a holistic approach to application security and software supply chain security.