Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Payment fraud is a huge problem for eCommerce and online retail businesses. Even among the world’s biggest companies, there are horror stories about payment security problems like credit card data theft and financial fraud: Cyberthreats like carding attacks are responsible for most modern large-scale data theft. Payment fraud losses cost companies more than $33 billion in 2021 — and this is expected to rise to more than $40 billion by 2027.

When you hear the term “chatbot,” your mind may at first turn to things like robotic customer support services on retail websites – a relatively mundane use case for chatbots, and one that is probably hard to get excited about if you’re a security engineer. But, the fact is that chatbots can do much more than provide customer support.

The FBI published their 2021 Internet Crime Report with data from the FBI’s Internet Crime Complaint Center (IC3). This report shows that Business Email Compromise (BEC) / Email Account Compromise (EAC) attacks far exceed the volume and losses of Ransomware attacks. Organizations need to be prepared and know who they are going to call when they experience BEC/EAC, as well as ransomware, or other high-severity incidents.

For this month’s product rollup, we’re excited to update you on our Egnyte UI redesign. We’ll also highlight improvements to search and snapshot-based ransomware recovery, as well as additions to our Quality App for Life Sciences and more.

On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

The global financial services industry is undergoing a seismic shift and not enough people are truly aware of what this means. By November of this year, banks and other financial institutions must have in place a new process for payment systems that uses the ISO 20022 standard instead of SWIFT. This must be active by November and by 2025, all financial institutions will have to be compliant.

The organizations developed and deployed their IT infrastructure manually in the early days. The IT teams were responsible for the maintenance of hardware as well as software aspects of the infrastructure. Therefore, it is also applicable to the software development cycle. However, with technological advancement, many organizations have adopted cloud infrastructure for their business.

You want as much of your compliance program automated as possible, and collecting evidence to validate compliance controls always seems to take a lot of your team’s time. A considerable amount of control evidence involves providing accurate lists of artifacts to auditors — whether it’s workstations, tickets, alerts, or people. If only there were an easier way than having your teammates take screenshots and export lists from each of your internal systems.