While code and cloud security scanners are great at identifying code flaws and cloud misconfigurations, they can bombard developers with long lists of potential security “issues” – many of which don’t introduce real risk. Whether insecure code introduces real risk depends on a number of factors, like whether it is being deployed to production, is exposed to the internet, or calls a sensitive database.

In June 2024, the digital world was rocked by a significant supply chain attack involving Polyfill.io, a JavaScript library that had been a staple in web development for over a decade. Originally designed to ensure compatibility between older browsers and modern web APIs, Polyfill.io became a silent vulnerability when a Chinese company named “Fun Null” acquired the domain in February 2024.

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data. You know you’re a problem when the U.S. government puts out a notice about you. That’s the case for RansomHub — the latest iteration of a ransomware as a service group formerly working under the names Cyclops and Knight.

There are a lot of fancy buzzwords in cybersecurity. One of this year’s most popular terms is Cyber Resilience but it is far from just a buzzword! In fact, The World Economic Forum agrees stating “Cyber resilience is more than just a buzzword in the security industry; it is an essential approach to safeguarding digital assets in an era where cyber threats are not a matter of IF but WHEN.”

According to the National Institute of Standards and Technology (NIST), complex passwords that contain a variety of characters are strong, but the longer a password is, regardless of the types of characters, the more secure it is. Password length is generally more important than complexity because longer passwords are typically harder for cybercriminals to crack. That being said, you should also prioritize making your passwords complex for added security.

Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before. It's clear that the transition to cloud computing has amplified the challenges of configuration management, making it critical for entities to adopt cloud-specific configurations.

An initiative of the National Cyber Security Centre (NCSC) since 2017, the Active Cyber Defence (ACD) programme has provided a range of free cyber security tools and services to enable eligible public sector organisations to address high-volume commodity attacks. Following on from its success, the NCSC has announced plans to launch a new version of ACD, aimed at extending its benefits to businesses.

In today’s software development, Git usually stands as a “go-to” for DevOps projects. It allows teams of developers to collaborate and contribute on non-linear projects, go back to any point in time and undo, as well as, redo changes whenever they need. In this article, we will go over important commands to help you navigate your commit history.

In the ever-evolving landscape of global finance, a new paradigm is emerging that promises to reshape assets, investments, and financial transactions at a fundamental level. Welcome to the era of tokenization.

Cybersecurity is no longer an awareness issue but a strategic execution problem. In 2023, 96% of CEOs acknowledged cybersecurity’s importance for organizational growth, stability, and competitiveness, but only 15% had dedicated board meetings to discuss cybersecurity issues. This disconnect between awareness and action stems primarily from difficulty quantifying cybersecurity goals, investments, and return on investment (ROI), making it easier to overlook or, at best, an afterthought.