As cyberattacks become more sophisticated and frequent, developers and security teams often become overextended in their efforts to protect their software and applications. In an article for Security, Daniel Elkabes, Mend’s vulnerability research team leader, highlights what cybersecurity leaders should invest in now to help set up their teams for the future.

Anyone who has watched the Lockpicking Lawyer realizes that certain locks promoted as the latest-and-greatest aren’t necessarily the most reliable devices for securing physical assets. Like many other security professionals, he seeks to educate consumers and manufacturers on defects in devices and how to improve their security. It reminds me of a quote by Deviant Ollam (security auditor and penetration testing consultant): "Security is achieved through openness.

One of the benefits of a secure access service edge (SASE) framework is that organizations can dramatically simplify the implementation of security services without having to go through constant network redesigns and appliance operating system updates.

Cyber-attacks happen around the clock, far more often than can ever be reported outside of the organizations they affect. But sometimes an attack is so widespread and devastating that it sends shockwaves through the business world and even into the mainstream media. Incidents like SolarWinds and Log4j were front page news, sending organizations scrambling to patch them.

For some time now the Cyberint Research Team has been witnessing attacks targeting China. While most campaigns related to OpChina are focusing on infrastructure and government data breaches, over the past weekend, a major breach of the popular social network TikTok occurred, revealing 1.7 billion records and relations to another popular Chinese app – WeChat. The group taking full responsibility for this breach is none other than the notorious BlueHornet, aka AgainstTheWest, aka APT49.

1Password Business customers can now connect 1Password to Google Workspace to automate provisioning and deprovisioning tasks, saving valuable IT resources and strengthening your security posture in the process.

Everyone knows that when it comes to cybersecurity, the faster you can detect and remediate a breach, the better. In order to minimize the risk of damage, security teams need to be able to prioritize remediation efforts, so they can actively watch for exploits targeting vulnerable systems -- including those stemming from commercial, off-the-shelf tools they don’t control.

Trustwave MailMarshal has received a major upgrade to version 10.0.5 adding proprietary technologies to greatly increase the security tool’s ability to detect phishing emails, spam and malicious URLs. MailMarshal is already highly effective against phishing, but the new version’s phishing detection ability is boosted by being able to detect 40% of previously ‘hard to detect' samples the addition of these new capabilities.

Summer is almost over but we are bringing the heat back with the official release of Tigera’s new container security features. With this official launch, Calico leads the industry by offering a complete line of solutions across every stage of a cloud-native application CI/CD pipeline.

The whole point of IT systems, whether deployed via traditional methods or via modern practices (such as Agile methodologies, DevSecOps, and orchestration platforms like Kubernetes) is to make data available for business operations — whether those operations are making business decisions, identifying or troubleshooting system performance and efficiency issues, detecting bad actors, or protecting organizational assets.