Organizations utilize hundreds, sometimes thousands, of vendors to handle their day-to-day production, workflow, and business processes. With this many vendors, it’s easy for details to fall through the cracks and miscommunication to occur. Organizations often turn to vendor management systems to help manage multiple vendor relationships throughout a vendor lifecycle.

The maintainer and original author of curl, Daniel Stenberg, has taken to X (formerly Twitter) and LinkedIn to sound the alarm on what he refers to as “probably the worst security problem found in curl in a long time.” According to project maintainers, the fixed version, 8.4.0, is set to be released on Wednesday, October 11.

Identity and Access Management (IAM) is the name for any framework of technology, policies and processes that authenticate and authorize a user in order for that user to access and consume an organization’s resources. Managing user identities and granting appropriate user access helps protect your assets. These assets can include digital access to sensitive information, intellectual property, data and application workloads, network access or perimeter access to the physical data center location.

23andMe is a personal genome and biotechnology company that provides genetic reports to interested clients. 23andMe employs over 800 employees and operates in California. The company reported $299 million in revenues this year, but the figure will likely drop in the upcoming quarter; opportunists have accessed 23andMe’s systems, resulting in thousands of user records leaking online.

Last week in New York, I had the opportunity to attend a panel discussion hosted by SINET and moderated by Upendra Mardikar, the Chief Information Security Officer of TIAA. We discussed everything from security in DevOps, to AI’s pros and cons, and cybersecurity’s future. As long as the attack surface, API usage, and digital footprints increase, so will cyber risk.

This year for the 13th year in a row, the healthcare industry continues to experience the most expensive data breaches worldwide, at an average cost of nearly $11 million – double the cost for the next-highest industry, finance. That’s not surprising; ransomware attacks on hospitals and health systems are constantly in the news. Add to that the cybersecurity talent shortage, which is especially acute (pardon the pun) in the healthcare industry.

In the realm of cybersecurity, there's a common analogy that likens the process to a health checkup. Vulnerability scanning, in this context, can be seen as a basic health screening. It's a preliminary step, offering a snapshot of potential issues within a system. It's like getting your blood pressure or cholesterol checked during a routine visit to the doctor. These tests are essential, providing a quick overview of potential health concerns. But they don't give the full picture.

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).

As organizations increasingly deploy business-critical workloads to managed cloud services, enforcing strong security practices needs to be a top priority. While many managed cloud service providers do a good job of protecting the cloud and infrastructure itself, it’s the responsibility of the customer to protect what’s running inside the cloud.

The internet has become an integral part of our daily lives, protecting our online accounts and sensitive information is more critical than ever. Passwords are the first line of defense against cyberattacks, and their strength is essential in safeguarding our identities. In this blog post, we’ll cover passwords and password managers, exploring the significance of strong passwords and the role that password managers play in enhancing our online security.