The supply chain for organizations has become increasingly susceptible to unplanned cybersecurity interruptions that negatively impact revenue, inventory, and consumer confidence. As a result, there has been an increasing focus on understanding how critical services are delivered, the reliance on third parties and fourth parties, and key risk controls that can be implemented to mitigate the risk of cyber security incidents.

Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on the type of fraud. Often, different actors are brought into the story. These actors also lie to the victim, in order to support the narrative. The purpose of expanding the fraud in this way is to groom the victim to dismiss their doubts or concerns and comply with requests.

Two packages of well-known origin were found exfiltrating Windows SAM and SYSTEM files, apparently as part of internal security research rather than a targeted dependency confusion attack. On June 6th, 2022, the Mend research team used Supply Chain Defender to detect and flag two malicious packages from the same author that contained identical code. We alerted npm and the packages were removed within three hours of publication.

Rubrik was built on a foundation of Zero Trust architecture. The National Institute of Standards and Technology (NIST) is a United States federal agency that works with organizations of all sizes to help them implement cybersecurity best practices.

This article has nothing to do with chocolate chips or sprinkles. Sorry about that. Instead, we're talking about computer cookies and how too many web cookies can be bad for your online health. While cookies are enormously helpful and necessary for an easy-going web experience, they are not all good, and many pose some genuine privacy concerns. But what is a cookie, how does one work, and how do they (sometimes) infringe on your digital rights?

Protecting Controlled Unclassified Information (CUI) is a top priority for companies that have government and defense contracts, especially with the changes being rolled out in CMMC 2.0. We’re pleased at announce a new NC Protect watermarking feature to support CUI Designator labelling capability to assist US Defense and the Defense Industrial Base (DIB) with meeting the new CUI document handling and tagging requirements. The feature will be globally available during the July 2022 timeframe.

If you are not taking enterprise mobile security seriously, look at these stats: According to the State of Enterprise Mobile Security 2022 Report, 75% of the analyzed phishing sites targeted mobile devices. The same report stated that 30% of the total zero-day vulnerabilities discovered in 2021 targeted mobile devices. Security week states that mobile phishing attacks have increased at a consistent rate of 85% since 2011.

If you’re selling to the federal government, you need to take a closer look at your supply chain risk management process. The software supply chain is, as most of us know by now, both a blessing and a curse.

Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission Controller enables DevOps and Security personnel to enforce deployment requirements and restrictions in the cluster upon every workload start and any configuration change. Think of an Admission Controller as an Advanced Resource manager with a shield.

Developed by MIT, Kerberos Authentication Protocol is the default authentication service for Microsoft Active Directory. It is named after the three-headed dog (Cerberus) found in Greek mythology, because the security protocol involves three major steps in the entire authentication process. Although Kerberos is a technology used by Microsoft Windows, by default, its implementations in other operating systems, such as Linux, FreeBSD and macOS, are also present.