Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.

What do you get when you bring soaring numbers of connected devices online around the world—more than 29 billion by 2027? For consumers and businesses, the Internet of Things (IoT) promises a life of ever-increasing convenience, efficiency, and insight. Unfortunately, cybercriminals have just as much to celebrate.

In part 1 of this series, we covered a lot of ground including the three converging trends that point to the need for an attack surface management (ASM) solution – the growing attack surface, attackers having more opportunities and tools to infiltrate the attack surface, and manual SecOps being slow and ineffective. We also outlined the key features you should be looking for when selecting an ASM tool.

When thinking about which industries get targeted most often in ransomware attacks, many people think that large healthcare and financial institutions would be at the top of the list. Most people don’t associate cyber attacks with K-12 schools. However, a recent cybersecurity report noted that lower education, or K-12 schools, is the single most targeted industry for ransomware attacks, with 80% of schools reporting a ransomware attack in 2023.

Dependency management is a broad topic encompassing, among other things, keeping an inventory of dependencies, removing unused dependencies, and fixing conflicts between dependencies. In this article, we will focus on one large part of software dependency management that devs can do easily and with great results: updating dependencies.

With the advent of digital technology that makes its way into every sphere of our lives, software’s reliability and integrity are particularly important. Hackers never stop trying to gain unauthorized access and exploit application weaknesses to achieve their goals and gain from outact. This can mean peril respectively for individuals and organizations.

The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments — a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. Larger scale leads to larger risk. As organizations increase their quantity of cloud assets, their attack surface grows. Each asset brings its own set of security concerns.

Read also: a hacker-for-hire arrested in the UK, the BTC-e mastermind pleads guilty, and more.

The manufacturing landscape is undergoing a digital revolution, driven significantly by Industrial IoT (IIoT), cloud adoption, and remote access needs. These advancements enable manufacturing companies to unlock efficiency gains, optimize operations, and enhance collaboration, but they also introduce a raft of new cybersecurity challenges. Legacy equipment and complex network setups have always made it difficult to secure manufacturing environments.

Sequels, bah! Usually, they are never as good as the first. Do not even speak of prequels! This is less of a sequel, and rather should be considered a continuation of the first blog. In line with the original blog, there will be a few references to Tolkien’s Lord of the Rings. So, without further ado, you have my sword, and you have my bow, and my axe, or, at the very least, some of my NIST CSF 2.0 insights.