Are you looking to catch up on the latest in AI and cloud-native Application Security at RSAC 2024? Veracode is hosting a series of talks at our booth along with a series of programs at The W San Francisco. Here are all the details.

Identity theft is one of the things you never expect to happen to you until it does. The scariest part is not the theft itself but what follows after. Victims of identity theft don't often discover their financial, reputational, and bureaucratic lives are destroyed until long after the crime was committed. This delay makes it extremely difficult for authorities to investigate identity theft cases.

Some Apple users have reported phishing attacks using the password reset feature.

The Critical Entities Resilience (CER) Directive is a new initiative in the EU that aims to ensure that critical entities providing essential services are effectively managing their network and information security. The CER Directive is part of the EU’s latest effort to build stronger cyber resilience across Europe, alongside NIS2 and the EU Cyber Resilience Act.

Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.

In 2023, a quarter (25.6%) of incidents originated with a known vulnerability, according to the Arctic Wolf Labs 2024 Threat Report. And while zero-day vulnerabilities only accounted for a tiny percentage of incidents in 2023, two of them — the MOVEit Transfer Vulnerability and the GoAnywhereMFT Vulnerability — wreaked havoc around the globe.

Don't let zombies haunt your security posture.

The evolution of tech necessitates stronger cybersecurity. Financial information is appealing to hackers trying to steal identities and commit fraud. These bad actors are evolving with tech to figure out ways to bypass the increasingly robust cybersecurity measures.

In July 2022, the Pentagon’s acquisition office issued a memo reminding acquisition officials of the DoD’s requirements for handling controlled unclassified information (CUI). The standard which applies to Defense contractors is not new. The original Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requirement went into effect in 2017.

There’s one major between organizations that fall victim to a data breach and those that don’t - attack surface awareness. Even between those who have implemented an attack surface management solution and those who haven’t, the more successful the cybersecurity programs more likely to defend against a greater scope of cyber threats are those with greater attack surface visibility.