One of the most significant changes to come out of the COVID-19 pandemic is the shift to remote work. By late 2020, 58% of U.S. employees worked at home at least some of the time, and this trend will likely continue. While a remote workforce can bring several productivity and morale benefits, it also creates some security challenges such as cyber threats. Most companies’ cyber defenses are designed to handle a single, centralized network in one location with standardized devices.

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The Synopsys Software Integrity Group has been helping organizations find and fix vulnerabilities in their software for nearly a decade. And now it will be able to help them and the broader software industry even more.

As global regulations for data privacy and cybersecurity continue to proliferate, the pressure for organizations to manage compliance risk grows. To meet the demand for greater compliance risk management and value for corporate stakeholders, compliance professionals must be sure they have a thorough understanding of their compliance obligations and potential vulnerabilities.

Cybersecurity is no longer an outlandish concept to many business enterprise executives. What is still relatively unfamiliar to many organizations and their leadership, however, is the task of evaluating their cyber strategy and risk to determine how best to adapt and grow to stay secure while remaining competitive. Executives must initiate thorough evaluations of their existing cybersecurity strategies to figure out which types of new technologies and risk management strategies they need the most.

The first ever Veracode Hacker Games competition has come to a close, but were the flaws in favor of our brave competitors? Read on to find out. Over the course of the two-week challenge, students from several universities in the U.S. and the U.K. came together to explore vulnerabilities and threats that they’ll one day face on the job.

Digital attackers are increasingly targeting the automotive industry. In its 2020 Automotive Cybersecurity Report, for instance, Upstream found that the number of annual automotive cybersecurity incidents had increased by 605% since 2016, with the number of incidents has doubled in 2019 alone.

A customer walks into a bank, asks a question at the information desk, and then leaves. Later that day an operations manager notices an unmarked USB device left on the counter. He doesn’t remember who might have left it, so he plugs it into his computer to see if he can potentially spot the owner. As the USB loads, the malware shuts down the entire system, while the hackers get the bank’s customers’ account details.

What do data protection and the perfect vodka martini have in common? Quite a bit. For one thing, they’re both comforting to have around when things go wrong. More importantly, they're both made up of multiple ingredients and need premium products to work well together. It doesn’t matter how much flair you bring to serving that cocktail – without high-quality products and the right technique, you’re essentially serving a few ounces of vodka and vermouth.

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs.

Hot on the heels of 'Dearcry'[1], yet another ransomware threat has been observed as targeting Microsoft Exchange servers vulnerable to recently reported critical vulnerabilities[2]. Dubbed 'Black KingDom', this ransomware threat has reportedly been deployed through a web-shell that is installed on vulnerable Microsoft Exchange servers following the exploitation of the vulnerability chain that results in both remote code execution (RCE) and elevated privileges.