Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow. High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security.

Tines is delighted to announce we have joined the AWS Partner Network as a Select Partner, and our no-code automation platform is now live on AWS Marketplace. Additionally, we are very proud to have recently won an AWS Software Startup Award. The awards were created to shine a spotlight on innovative B2B/SaaS startups in the UK and Ireland.

This is the second part of a three-blog series on startup security. Please check out part one too. The anatomy of a software vulnerability is a bit like mercury accumulation in seafood. Trace amounts of naturally occurring mercury in seawater is absorbed by algae and bioaccumulates up the food chain. Large fish at the top of the food chain contain the most mercury and should be consumed in limited quantities.

If your GitOps deployment model has security issues (for example, a misconfigured permission because of a typo), this will be propagated until it is hopefully discovered at runtime, where most of the security events are scanned or found. What if you can fix potential security issues in your infrastructure at the source? Let’s start with the basics.

With the constant threat of malware weighing on cloud teams, AWS is introducing new ways to identify malicious software with Amazon GuardDuty. Amazon GuardDuty Malware Protection, a fully managed malware detection service launched today at Re:inforce by AWS, provides agentless scanning to identify when suspicious activity occurs.

For our latest specialist interview in our series speaking to security leaders from around the world, we’ve welcomed Tony Giles, Lead Auditor and CMMC Provisional Assessor with the NSF. Tony has conducted audits globally for over 10 years and worked on large-scale security implementation projects, including NIST 800-171, NIST 800-88 and ISO/IEC 27001, ISO 28000.

A couple of days ago, I was checking my Twitter feed and saw a tweet from someone saying how frustrated he was that DockerHub (a renowned container registry) was down. Someone else replied to the tweet, recommending the tweet’s author to check out Google’s repository, where they have DockerHub mirrors in Google Cloud.

Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.

Zero trust network access (ZTNA) has become a hot topic and a popular IT project. Here are some of the reasons why: First, organizations are beginning to pursue a zero trust strategy and ZTNA is the first logical step towards a zero trust security program. Second, remote or hybrid work is here to stay. And as a result, now is the time to replace your legacy remote access VPN with a modern anywhere secure access solution for the long term.

The number and severity of cyber-attacks are increasing with time. For that, the international industry standards and government authorities aim to regulate cybersecurity by enforcing more strict cybersecurity compliance criteria.