Ransomware is one of the most painful threats to organizations worldwide. As this industry keeps on growing both in number of groups and improved technology, every now and then global authorities are able to get their hands on individuals and important data that can mitigate and prevent this threat. This week, the FBI was able to take down the notorious Hive Ransomware group’s Onion Site.

Over the weekend, a relatively new ransomware group named Nevada Ransomware initiated a first massive campaign, targeting any ESXi machine that is exposed to the internet. The group seemed to compromise hundreds of servers over the weekend and caused major damage. Although the scale of this campaign is one of the biggest we have seen, it might already have a solution.

According to a recent study, machine identities (IDs) are growing at twice the rate of human identities. To defend these machine identities in the IoT, privilege access management will be one of the most important areas of focus for businesses in the Internet of Things (IoT) space in 2023. As more and more devices are connected to the internet and can share data, it’s becoming increasingly important to make sure that only authorized users have access to sensitive information.

How geopolitics and hacktivism is causing trouble for the healthcare industry

Enterprises today have had to rethink how they apply security to their corporate network and, as a result, have decided to implement zero-trust principles. As this approach encompasses a security concept and an organizational vision, understanding the benefits it delivers requires cultural change and clear communication within companies.

We examine the Log4Shell disclosure through the lens of the Black Duck Knowledge Base to understand how organizations respond to high-profile vulnerabilities.

2022 saw privacy truly take hold in the U.S., while Europe buttressed its position as the global leader and other regions worked to get up-to-speed with new or amended laws.

The European Union (EU) General Data Protection Regulation (GDPR) turns five this year. While the law spawned many imitators, most notably the California Consumer Privacy Act (CCPA), the GDPR remains the world’s most comprehensive, far-reaching data privacy law to date. It gave European citizens a wide swath of new data privacy rights, while placing significant new data governance responsibilities on organizations.

Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain security is headed.