Software supply chain is anything and everything that contributes to making software functional. This includes code in the developer system, the CICD pipeline, dependencies, binaries, and deployed software in production, as well as people, processes, and the technology space. With the growing adoption of assembling software from distributed, unmanaged components rather than building it from scratch, more often than not, organizations are not aware whose, or what, code is running within their software.

Distributed containerized systems compose applications, resources, services, databases, and other artifacts. These components often need sensitive information such as user keys, passwords, API keys, and certificates to function properly. Secrets management is critical for adequately handling sensitive information and Kubernetes deployments often utilize their built-in Secrets resource type and associated RBAC controls but what if you aren’t deploying on Kubernetes?

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. Today we will be looking at some top tips for changing the tide on board-level buy-in.

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to compromised medical imaging equipment.

In the past, purchasing cybersecurity insurance was considered a luxury rather than a necessity. However, as the number of cyber attacks continues to grow, many educational institutions have started to buy insurance policies to cover the damaging costs of malware and ransomware attacks. The education sector saw the most cyber attacks in 2021 and 2022 compared to every other industry, including healthcare and finance.

While PCI compliance sets an industry benchmark surrounding cybersecurity for the financial sector, organizations shouldn’t rely on it to protect themselves against data breaches. The harsh truth is that cybercriminals will exploit any weakness in an organization’s IT infrastructure to gain unauthorized access to sensitive data, not just those covered by PCI DSS compliance requirements.

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. Reports from Trustwave and other security researchers show that Russian cyberattackers have maintained pressure on Ukraine throughout the conflict. This article covers malware that has been used against organizations in Ukraine to destroy systems and data or gain control over targeted systems for surveillance and data staling.

Vedere Labs recently developed a proof-of-concept (PoC) ransomware for IoT (R4IoT) using as an example attack scenario a hospital network containing IoT devices such as IP cameras, IT workstations and OT in the form of building automation controllers.

If you’re an IT manager or business owner, chances are external security is always top of your mind. But lately, managing access control of documents for employees has become just as necessary to limit access to information and information processing systems. While cybersecurity breaches are a menacing threat, internal security problems can be equally devastating, making access control measures necessary to mitigate the risk of access without authorization.