October is a month that generates much buzz amongst the cybersecurity community. It’s National Cybersecurity Awareness Month (NCSAM) – a time when security professionals work around the clock to raise awareness of growing cyber risks amongst general user communities.
Protecting your data is an important component of your cyber risk management plan, and one that involves a certain level of preparedness for an event like a data breach. Even the best cybersecurity efforts, however, will still fail at some point — when attackers abscond with your organization’s confidential data, either to resell it on the dark web or to post it for all the world to see.
JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.
We live in a world of increasingly connected devices – phones, digital assistants, smart watches, cars, thermostats, refrigerators, windmills, and more. More than 50% of the world’s population is now online and two-thirds own a mobile device, according to the World Economic Forum. Additionally, the codebase of today’s applications typically consists mainly of open source components – exposing them to greater risk of hacking than ever before.
There’s an old saying that “there’s no such thing as bad publicity.” Unfortunately, this doesn’t ring true when it comes to data breaches and ransomware attacks. High profile security incidents continue to make headlines, and those headlines are impacting bottom lines. In response to these, the US federal government is modernizing its own cybersecurity infrastructure, and more state governments are implementing laws to protect citizens.
It has been argued that automation in the workplace tends to be misunderstood. Analysts are keen to point out that, despite myths to the contrary, automation isn't going to put most people out of work, for instance. Nor is AI going to become a real substitute for actual human intelligence. These are compelling arguments for rethinking the way we think about automation in general. But you can take the points further if you analyze the impact of automation on specific domains, such as cybersecurity. Indeed, automation is perhaps nowhere more misunderstood than in the realm of cybersecurity. To prove the point, here are five common myths about automation's impact on security, and why they're wrong.
Threat intelligence feeds enable organizations to stay informed about indicators of compromise (IoCs) related to various threats that could adversely affect the network. These feeds also help to inform tools like SecurityScorecard’s Security Data by providing a source of information to collect, analyze and share with customers.
Since the covid-19, the cyber incident ratio has drastically increased and shows no signs of settling down. In just one year, cyber-attacks have targeted big enterprises, government agencies of the world’s leading countries, educational institutes, non-government organisations (NGOs), and small to mid-sized businesses. It is estimated that threat actors carry out cyber attacks every 39 seconds, which is relatively faster than before.
