Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Software Liability Explained

Software liability is an increasingly important area for every software development company and team. At its core, software liability is about protecting users from damages caused by software issues. As more software is in use than ever before, there are a lot of ways that software — and its manufacturers — could be held responsible for certain actions or inactions. Indeed, even the rise of cyber insecurity globally could fall into this murky area.

SOC Models: In-House, Out-Sourced, or Hybrid SOC?

There’s no single perfect, one-size-fits-all SOC model. Leaders are still unsure whether to bring the SOC in-house, get it outsourced, or do a mix of these two approaches (the so-called hybrid SOC). How do you choose? Investing now in the right model (with adaptability and portability as key considerations) might not be glamorous, but it will set you up for success in the future.

Data Privacy: The Ultimate Guide

Today, data privacy is the new strategic priority for many companies. Prioritizing data privacy boils down to two key drivers: Indeed, the awareness piece has grown significantly, both leading to and because of stringent data privacy regulations, including GDPR and CCPA, the California Consumer Privacy Act. (First time on Splunk.com? You might see a pop-up banner specifically for you to opt in or out.) So, let’s take a look at the concept of data privacy and what’s behind it.

2024 IT Spending Surge: Surprising Insights from Piper Sandler's CIO Survey

Industry analysts Piper Sandler do a yearly 'Industry Note' in which they survey CIOs about their budget expectations for the next year. For 2024 there is a noticeable improvement in enterprise IT spending. The header of their survey was: "2024 CIO Survey | Investments in Security, AI, and Cloud Driving IT Rebound". Here is the summary of the full report, which is a good read and warmly recommended.

WSJ: "A Hidden Risk in the Municipal Bond Market: Hackers"

December 7, 2023 - The Wall Street Journal has an interesting perspective on K-12 public schools suffering ransomware attacks. The number doubled between 2021 and 2022 to almost 2,000 a year. Here are a few paragraphs with a link to the full article: "Hacks are on the rise across all industries, but the public sector’s weak protections make it an increasingly attractive target for cybercriminals.

Deepfakes: The New Face of Fraud

Security analysts at identity vendor Sumsub are seeing a massive rise in the use of deepfake fraud in their Identity Fraud Report 2023. And one country may be to blame. While Sumsub’s focus is more around all forms of identity security, it's witnessing a significant increase in deepfakes, as deepfakes are a form of identity fraud. According to Sumsub, the top three fraud trends identified were: The approximate overall growth rate worldwide for the use of deepfakes is 10x.

Russian Hackers Indicted for Phishing Attacks Against U.S. and Allies

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian government. “The indictment…alleges the conspiracy targeted current and former employees of the U.S.

CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in the FortiSIEM report server.

Monitor highly regulated workloads with Datadog's FIPS-enabled Agent

Protecting sensitive data from the threat of exposure is a non-negotiable business imperative for organizations, especially those in highly regulated sectors like government and healthcare. To help organizations keep their data secure, the National Institute of Science and Technology (NIST) developed a set of requirements for the hardware and software components responsible for data encryption.