Like the speed of light, phishing remains a reliable constant in the cybercrime universe, never going out of fashion with fraudsters, always reinventing itself to stay relevant. As part of that reinvention, phishing-related scams increasingly use search engine optimization (SEO) to drive malicious websites higher in search results, outranking legitimate sites whose brands they often impersonate.

Penetration testing, dynamic application security testing (DAST), and attack surface management (ASM) are all strategies designed to manage an organization’s digital attack surface. However, while each aids in identifying and closing vulnerabilities, they have significant differences and play complementary roles within a corporate cybersecurity strategy. Let’s take a quick look at the definition of each of these strategies.

Consider a modern software application as a constellation of cities that dot the landscape. These cities are components such as databases, authentication services, business logic engines, and more. Requests travel between components carrying data just as citizens travel between cities carrying their belongings. The highways that connect the cities on this map are your APIs. Cities get the most attention, often receiving the security and protection they need.

In today's interconnected business environment, third-party risk management has become a pivotal concern for organizations. As businesses increasingly rely on external vendors for essential services, managing the risks associated with these third-party relationships is critical. A key tool in mitigating these risks is the Service-Level Agreement (SLA).

Since the technological “birth” of Artificial Intelligence and ChatGPT, many people are wondering what on earth they would do without AI in their lives. Since July 2024 ChatGPT has had 200 million weekly active users worldwide and attracted nearly 2.5 billion site visitors. However, ChatGPT is not the only AI out there.

This is the second instalment of a two-part blog post. The blogs are based on one of our “AppSec Talk” YouTube videos, featuring Kondukto Security Advisor Ben Strozykowski and Rami McCarthy, a seasoned security engineer with experience at Figma and Cedar Cares. In that video, Ben and Rami delved into the critical role developers play in the security program and the application security lifecycle.

The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.

We are thrilled to announce that Rubrik has been ranked highest for the ransomware protection, detection, and recovery use case in the 2024 Gartner Critical Capabilities for Enterprise Backup and Recovery Software Solutions1. This recognition underscores our unwavering commitment to innovation that empowers customers with robust cyber resilience solutions in an increasingly complex digital landscape.

Until recent decades, operational technology (OT) – a principal element in manufacturing – remained segmented from information technology (IT). OT systems, responsible for monitoring and controlling physical machinery and equipment, were manually managed by skilled workers, operated in isolation, and secure in their simplicity.

Chrome and Mozilla announced that they will stop trusting Entrust’s public TLS certificates issued after November 12, 2024 and December 1, 2024, respectively. This decision stems from concerns related to Entrust’s ability to meet the CA/Browser Forum’s requirements for a publicly trusted certificate authority (CA).