Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.

In the age of digital collaboration and cloud computing, access control is a critical security tool. It is crucial to ensure that only authorized users have access to the appropriate information in order to effectively manage security, adhere to privacy and industry regulations, and safeguard intellectual property (IP) for competitive advantage.

“Trust takes years to build, seconds to break, and forever to repair.” The road to becoming a trusted partner to your customers has no shortcuts. As you review your portfolio, filled with various network and IT security solutions you’ve accumulated over the years, you believe each fulfills the needs of your customers. Each solution represents significant investments in resources and efforts to stay competitive and succeed.

As we are all very aware, being a technical person or layman, the recent CrowdStrike outage caused disruptions on a myriad of systems worldwide, affecting multiple industry sectors and millions of people in some way, shape, or format.

In today's digital landscape, businesses heavily rely on third-party software for their daily operations. This reliance has led to a surge in software supply chain attacks, which are becoming increasingly prevalent and sophisticated. These attacks exploit vulnerabilities in external tools or services to gain unauthorized access and compromise systems.

In today’s connected world, our online presence is central to our lives like never before. We stay connected with our friends and family wherever they are through social media. Whereas in the past our social contact was limited to those who lived or worked nearby, now, through social media, we can connect with those with shared interests or beliefs anywhere in the world. Most of us use social media to stay in touch with those they care about.

Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is on the 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

No one feels the pain of ransomware and other disruptive and costly digital cybersecurity attacks more than the people managing the day-to-day in your SOC (Security Operations Center). At 13 attacks every second in 2023, cybercriminals, fraudsters and nation-state hacktivists are overwhelming SOC analysts. Nearly two-thirds (63%) of SOC analysts report the size of the attack surface has increased. At the same time, CISOs and SOC managers are struggling to handle on-the-job analyst burnout and turnover.

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.