Vulnerability vs. Threat vs. Risk vs... "Other"
In cybersecurity, three key terms are vulnerability, threat and risk. Often they're tossed around interchangeably, but they have a specific relationship to one another.
On November 1, OpenSSL v3.0.7 was released, patching two new high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. The new vulnerabilities have been dubbed by the community as “Spooky SSL,” although the name is not recognized by the OpenSSL team. CVE-2022-3602 was originally discovered by a researcher known as Polar Bear, while CVE-2022-3786 was found during the analysis of the first vulnerability by Viktor Dukhovni.
The increased use of open-source software components in application development exposes companies to security vulnerabilities and liability related to software licensing. To mitigate these risks, software development organizations are turning to Software Composition Analysis (SCA) tools, which identify security and license compliance issues in code.
OAuth is an authorization protocol that allows apps to securely request user data without requiring the user to enter their sensitive credentials (e.g., API keys, application keys, etc.). Datadog API-based data integrations now fully support OAuth.
Supply chain attacks have been on the rise in the last few years, rapidly becoming one of the most dangerous security threats. This article highlights some of the most noteworthy supply chain incidents observed in 2022.
Nowadays, organizations are exposed to a high volume of security-related information. Unfortunately, most of these organizations have little to no capability to use this information in a proactive manner, i.e. using information to try to change or anticipate an outcome. In other words, using information to produce intelligence products. It is safe to say that few of these organizations have a clear understanding of what Cyber Threat Intelligence (CTI) is and what it is not.
Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.
Bots make up more than 42% of all internet traffic — so there’s a good chance bots are regularly visiting your website. While some bots are good, most are malicious, and are designed to cause problems for you and your site users. Many businesses try to protect themselves from bad bots by blocking users from certain locations. This tactic assumes users from far-flung destinations are probably bots.
In today’s rapidly evolving cyber risk landscape, a resilient and trusted digital ecosystem is possible with an agile security program. Cyber resiliency is the ability to respond to and recover from a cybersecurity incident effectively. A record high 71% of organizations were victimized by a ransomware attack in 2022. Even more concerning is that Gartner estimates that 80% of organizations have no knowledge or awareness of their attack surface.