With challenging cybersecurity requirements on the horizon for automotive companies in 2022, security teams can look to BSIMM12 for guidance. For security teams in the automotive industry, 2021 was an extremely busy year. Cybersecurity became a requirement for market access and compliance, so the entire industry faced a challenging timetable. The security groups in automotive companies are experiencing “forced growth” brought about by rigorous cybersecurity compliance requirements.

As organizations deploy more and more cloud native workloads, the ability to protect them in a secure and cost-effective manner is becoming increasingly important. Data access is also more widely spread, making it even more critical to meet this protection need with a secure, logically air-gapped copy of that data.

Gary Pelczar, Devo’s vice president of global alliances, has been named a 2022 Channel Chief by CRN. Gary and his team launched Devo Drive, the company’s partner program for resellers, MSSPs and global systems integrators in 2021. In this post Gary shares his thoughts about the growth of Devo Drive, the value Devo delivers to partners, and what lies ahead.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.

With constant pressure on web application and software development teams to churn out code for new website tools/features, it makes sense to leverage code depositories and JavaScript libraries to expedite the development process. In fact, code depositories, like GitHub, are so important to the web development process, that the vast majority of organizational websites use them. But code depositories and libraries—whether their internal or external—can hide a danger known as shadow code.

IoT has rapidly moved from a fringe technology to a mainstream collection of techniques, protocols, and applications that better enable you to support and monitor a highly distributed, complex system. One of the most critical challenges to overcome is processing an ever-growing stream of analytics data, from IoT security data to business insights, coming from each device. Many protocols have been implemented for this, but could logs provide a powerful option for IoT data and IoT monitoring?

The NIS Regulations were enacted in May 2018 to implement the EU Directive to achieve NIS compliance.

According to the FBI Internet Crime 2020 Report, phishing scams were the most prominent attack in 2020 with 241,342 complaints reported and adjusted losses of $54 million. In particular, whaling (a highly targeted phishing attack) has been on the rise and is only expected to grow from here. A whaling attack targets high-profile executives with access to valuable information and systems. Let’s take a closer look at whaling attacks and how to stay protected.

CVE-2022-23628 was published last week by the Open Policy Agent (OPA) project maintainers after a user reported unexpected behavior from a policy bundle that was built with optimizations enabled. The problem stemmed from a regression fix in the v0.33.1 release that addressed incorrect pretty-printing of Rego object literals by the `opa fmt` command and the underlying `format` package.

Part of operating an effective security program is the ability to never rest upon any previous success. When guarding against an adversary, yesterday’s success is quickly eclipsed by the dynamic shift in the attacker’s tactics. Just as a doctor “rules out” a particular diagnosis, an effective attacker first searches for well-known vulnerabilities using catalogs of offensive exploits. These are part of the attacker’s playbook.