A collaborative approach between SecOps and DevOps is key to any successful security integration - particularly as developers and security teams have different priorities from the get-go. In this blog we will share 4 tips for getting developers on board to enable true DevSecOps for your business.

Identity and access management best practices dictate that an organization provide one digital identity per individual. That identity can be maintained, monitored, and modified as needed while the user works on different projects and in different roles. However, strong IAM requires the use of tools and platforms, in addition to the principle of least privilege, to keep valuable information secure. [Read: 5 Identity and Access Management Best Practices]

SCADA stands for Supervisory Control and Data Acquisition, and although it’s not likely to be the first thing to come to mind when discussing cyber security, it certainly should be. As its name implies, it is a type of software designed to supervise – controlling and monitoring – and collect data and well as analyze data for industrial processes.

Government cybersecurity standards such as FedRAMP and CMMC can be challenging to comprehend. There are a host of details to decipher between the two. Let’s dive into common questions about these programs: how they work together, how they work independently, and other questions that frequently arise.

The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites, is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license compliance scanning built into your software development lifecycle (SDLC).

Following high profile headlines of critical vulnerabilities affecting Microsoft Exchange servers, as detailed in our previous blog/bulletin[1], proof-of-concept exploits have become publicly available and appear to have been utilized by a financially-motivated threat actor in the seemingly manual deployment of a new ransomware threat dubbed 'Dearcry'.

It’s hard to ignore the GDPR these days, with headline-making fines and regular news updates on the continuing impacts of data protection post-Brexit. Most business will be aware of what they have to do for the GDPR, with increasing numbers actively doing something about it. But there is another privacy regulation that UK businesses must comply with.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Who knew this would happen right?

Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.

On 16th March Netacea sponsored the virtual Cyber Security Digital Summit where, alongside speakers from Blackberry, Thycotic and Disney, Netacea’s Head of Threat Research, Matthew Gracey-McMinn hosted a session for attendees. During the showcase, Matthew explored “Lessons Learned From An Invite Only Bot Group & Developing A MITRE-Style Framework for Bots”.