The new threats in software development are not only related to the specific company itself. The whole software supply chain is a target for attackers and it is really important to make sure that we put all our effort into securing each link because if one fails, everything will be affected. Supply chain activities include each step of the transformation of raw materials, components, and resources into a completed product, and its delivery to the end customer.

In a previous blog I reviewed the foundational use case for a TIP, which is threat intelligence management—the practice of aggregating, analyzing, enriching and de-duplicating internal and external threat data in order to understand threats to your environment and share that data with a range of systems and users. However, one of the unique benefits of the ThreatQ Platform and where organizations are deriving additional business value, is that it also allows you to address other use cases.

Microsoft Office 365 (also known as Microsoft 365 or Office 365) is a cloud-based service that enables online collaboration and real-time data sharing via Microsoft solutions such as SharePoint, MS Teams, and OneDrive. Microsoft Office 365 brings together familiar Microsoft Office desktop applications together with business-class email, shared calendars, instant messaging, video conferencing, and file sharing, making it an integral part for many in times of pandemic.

STOCKHOLM, SWEDEN – Detectify, the SaaS security company powered by ethical hackers, announces new product names for the core products developed for security teams defending medium to large enterprise companies. On November 11th, the product names will be switched from Asset Monitoring to Surface Monitoring, and where you previously saw Deep Scan you will now see Application Scanning.

If every vulnerability seems to be equally critical, engineers would get overwhelmed and probably waste time on the wrong issues. This is why it’s important for developer security tools to provide clear and simple prioritization functionality. As you’ve likely noticed, Snyk Code provides a Priority Score on the top right corner of the overview panel. When hovering over it, an explanation is shown how the priority score was calculated.

We believe, a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself. We feel the Gartner Market Guide helps organizations learn about the below.

On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase. This attack relies on reviewers confusing the obfuscated malicious source code with comments.

A cyber threat is any kind of attack against what we consider cyber security. Cyber security is what we use to protect our computers and networks from intrusions or attacks that can be harmful to us. There are many different types of cyber threats like malware, ransomware, botnets and phishing scams etc.

Forescout Research Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which we are collectively calling NUCLEUS:13. The new vulnerabilities allow for remote code execution, denial of service, and information leak. Nucleus is used in safety-critical devices, such as anesthesia machines, patient monitors and others in healthcare.

Establishing positive vendor relationships is crucial to running a successful business. Nonetheless, vendor management has several moving parts, and you have a lot of things to keep track of. This includes who your third parties are, the services they offer, which internal policies apply to them, and what sensitive data they have access to. Without a strong foundation of vendor management best practices, vendor risks could manifest into failures that could affect business continuity.