We recently launched the 12th annual edition of our State of Software Security (SOSS) report. To draw conclusions for the report, we examined the entire history of active applications. For the public sector data, we took the same approach. We examined the entire history of applications for government agencies and educational institutions. We found that the public sector has the highest proportion of security flaws of any industry.

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall vulnerability (CVE-2022-1040) and the SonicWall Firewall vulnerability (CVE-2022-22247).

At Nightfall, our mission is to discover and secure sensitive data in every cloud application through a cloud-native, accurate, and performant platform. Since 2019, Nightfall has partnered with some of the world’s most innovative organizations to proactively eliminate data security risks across a fleet of SaaS applications via our native integrations for Slack, Atlassian Jira, Confluence, Google Drive, and GitHub.

Ransomware isn’t just an internal threat for your organization, it’s also a global crime, and data breach notifications are governed by various laws, policies, and agencies. Let’s go over some common cyber-compliance questions about ransomware, data breach notification and reporting, and the laws that cover cybercrime.

Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser features, and plug-ins have changed the landscape of data collection. Marketers have had to develop tools and strategies to ensure they meet compliance as the internet becomes more and more cookieless.

Every business activity involves risk, so simply viewing and measuring risk at a high level isn’t enough. InfoSec teams also need to identify and categorize risks as they relate to individual business activities and the context around them. Managing risk is all about delivering insights so that key stakeholders – including executives and the board – can better understand their IT risk posture and use that knowledge to make better business decisions. But where to start?

In today’s fast-paced world, mobility, connectivity and data access are essential. As organizations grow and add more workloads, containers, distributed endpoints and different security solutions to protect them, security can quickly become complex. Modern attacks and adversary tradecraft target vulnerable areas to achieve their objectives. Threats can originate at the endpoint to attack the cloud, or cloud-based threats can attack vulnerable endpoints.

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

It’s mid-morning. You’re scanning the daily news while enjoying a coffee break. You come across yet another headline broadcasting a supply chain data breach. Your heart skips a quick, almost undetectable, beat. You have the technology in the headline in your stack. You set aside your coffee and begin furiously scanning through the overwhelming number of alerts triggered across all your technologies.