Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

The SWIFT Customer Security Controls Framework (CSCF) is a key global cybersecurity framework that provides recommended and mandatory security controls for banking institutions that use the SWIFT banking system. The framework is designed to help financial institutions improve their cyber resilience and ensure that participants within the SWIFT network adhere to a stringent set of security compliance standards. Find out how UpGuard helps the financial services industry meet compliance standards >

AWS-Vault is an excellent open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how it works and learned a lot along the way. In this article, I will summarize and simplify the information I learned to help others with their aws-vault adoption and lower the barrier to usage.

Whether organizations are looking to prevent data exposure, meet leading compliance standards, or simply earn customer trust, Data Leak Prevention (DLP) policies are effective tools for pinpointing and protecting sensitive data across the cloud and beyond. DLP policies are especially useful in the following top use cases.

WhatsApp is a messaging app that enables users to message and voice call other WhatsApp users. Many people from all over the world use WhatsApp to communicate. This has made it a common platform for scammers to target people. Some of the most common scams on WhatsApp include an invitation to “WhatsApp Gold,” impersonation scams, WhatsApp tech support scams, as well as charity and romance scams.

Today, organisations store a lot of sensitive data in their database systems. This could be customer info, financial records, intellectual property, etc. Protecting this from unauthorised access is key; database penetration testing helps achieve this by finding holes in the system.

Security misconfigurations can open the door to potential cyberattacks, leading to data breaches, system compromises, and other severe consequences for organizations. In modern IT environments, including cloud infrastructure and other digital platforms, these misconfiguration vulnerabilities are becoming increasingly common and complex. Preventing and addressing security misconfigurations requires a collaborative effort across DevOps, DevSecOps, and security teams.

Back in the early days of the internet, people looked forward to hearing that deep, robotic voice announcing “you’ve got mail!” Today, whether you like it or not, email is fundamental to personal and business communications. In 2022, people sent and received an estimated 333 billion emails daily, with the number expected to increase to 392.5 billion by 2026. Experiencing a security incident on your email server can interrupt business operations leading to lost revenue.

Software security is key to the online world’s survival. Collaborative efforts of cybersecurity professionals and volunteers have come together to create the OWASP web security testing guide. Malicious actors constantly threaten web applications, the backbone of many businesses. OWASP penetration testing is crucial for identifying and addressing these security vulnerabilities.