Data is an integral part of any organization and hence it is important to respond to and recover it from any crisis. With the onset of the COVID-19 pandemic, the need for data security and cyber resiliency is evident. Cyber resiliency is the ability to prepare for, respond to, and recover from cyber-attacks and data breaches while continuing to operate effectively.

In early April, the tech industry witnessed a major GitHub security incident targeting GitHub organizations using Heroku and Travis CI. GitHub was made aware of this threat via an attack leveraging AWS API keys to GitHub’s own npm production infrastructure. As upstream security risks within SaaS platforms become more common, organizations that leverage these platforms are relying on tools like Nightfall to protect themselves.

Gartner’s introduction of the Security Service Edge (SSE) Magic Quadrant in February of 2022 has been an impetus for organizations to reassess their cloud access security broker (CASB) solutions. CASB is one of the three core components of SSE and the piece of the puzzle that handles cloud security for SaaS and IaaS applications.

Containers are used for packaging software and all its dependencies before deployment. Before the era of containers, software developers had to deal with compatibility issues during deployment. These could occur when software functions properly during the development phase but fails to function due to dependency issues in the production environment. With containers, however, all the software dependencies used for development can be shipped and used in the production environment.

When a leading financial technology provider began posting record success and rapid customer growth, it needed a holistic security strategy to protect its customer data and comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the California Consumer Privacy Act (CCPA).

The Splunk SOAR team is excited to be recognized within Forrester’s report Now Tech: Security Orchestration, Automation, And Response (SOAR), Q2 2022. Splunk SOAR is categorized within the Security Analytics Portfolio functionality segment and in the “Large” vendor market presence segment. The following post will share more on our views of the report, our position in this dynamic market landscape, and a look at what’s ahead.

Have you ever deployed Docker containers and hoped they delivered safe software? Would you like to get peace of mind that the contents of your containers are secure and clear of vulnerabilities? With JFrog Xray’s new integration with Docker Desktop Extensions, you will be able to do just that. By scanning for vulnerabilities locally before pushing to your remote repositories, your deployed software will inherently be more secure.

The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm attack that targeted users of Azure npm packages. Over the past three weeks, our automated scanners have detected several malicious packages in the npm registry, all using the same payload.

In our new threat briefing report, Forescout’s Vedere Labs analyzes an Emotet sample, presents a list of IoCs extracted from the analysis and discusses mitigation. Emotet is the name of both a cybercrime group and a malware loader it distributes. The group is also known as MUMMY SPIDER, while the malware is also known as Geodo or Heodo.

Usability testing is a method for evaluating your product to see how it performs in real contexts. It helps test user behavior, performance, and satisfaction, while consequently offering opportunities to improve the user experience within the product. Often, in a fast-paced company, user research ends up overlooked because it takes up time and resources. However, all the team's hard work will be wasted if you end up making something that nobody wants to use.