Whether you’re migrating to the cloud via lift-and-shift deployments, or re-architecting to a cloud-native architecture, the migration itself and adopting a microservices architecture is no easy feat. To accelerate their cloud-native journey, many organizations opt for a managed Kubernetes service, as the skill and resources required to run a container orchestration system at scale are demanding.

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.

The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.

For most companies, security and IT systems are growing in complexity, breadth of scope, and coverage, which consumes budget and staff time. The rapid breakdown of the traditional perimeter in this “new normal” world increases the challenges IT teams and remote users face on a daily basis.

In August 2022, password management company LastPass fell victim to a cyberattack, in which hackers breached its systems and stole its source code. LastPass’s success is built around offering secure, trustworthy software, so a hack like this could be seen as a knock against the company — but it also impacts wider public trust in password management software.

Jeff Martin, vice president of product for Mend, was recently interviewed by Michael Vizard from the Techstrong Group. In a fascinating conversation on application security debt, the two shed a spotlight on the insufficiencies of the current security stance of many companies and the budgetary pressures that might be influencing them.

Chris Krebs, former Director of the Cybersecurity and Infrastructure Security Administration (CISA) and the new Chair of Rubrik’s CISO Advisory Board, joined us at FORWARD to discuss ransomware, cyber resilience, and all things data security with co-founder and CTO, Arvind (Nitro) Nithrakashyap. His vast experience working with executives, government officials, and IT experts across the country has given him a unique insight into cybersecurity, which he shared, only at FORWARD.

What are the most important areas for a CISO to focus on? When speaking to Aman Sood, it becomes clear that the job of a CISO encompasses every aspect of a business. Aman is the Head of Cyber Security with Jimdo, a website building platform that helps small businesses start, grow, and ultimately thrive online. Aman is also the Cyber Security Group Chairman for ISITC Europe CIC, a non-profit industry body and a catalyst for collaborative innovation within the capital markets.

The automotive industry is experiencing challenge and change from all sides. Automotive OEMs are working to better understand the changing customer journey in relation to their products, and identifying profitable growth opportunities through the integration of digital technology into all areas of the business.

Day in and day out, we install various executable files from the web which are relevant to our work. But while installing, sometimes a message is popped up, “This file can harm your computer”. That means, along with those executable files, we also receive some malicious software that can harm our computer system. So, a software development company must protect its software, which can get infected by some unwanted harmful software at the time of distribution across the web.