The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard.

On December 17, CISA released an alert about an advanced persistent threat (APT) that compromised a number of U.S. government agencies, U.S. technology and accounting companies, and at least one hospital and one university. The cyberattack was executed by injecting malware into a software update from network management software company SolarWinds, which has over 18,000 customers.

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security — a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.

The air is getting colder, leaves are falling from the trees, and people everywhere are settling in for the holiday season. Which means one thing - increased cybersecurity vulnerability. With more aspects of the winter holidays relegated to online platforms this year, people everywhere are more susceptible to cyberattacks. Luckily, there are plenty of simple steps you can take to protect yourself from digital threats and online scams.

The cyber attack unfolding in the US may turn out to be the most serious nation-state espionage campaign in history The Bulletproof SOC is actively monitoring the situation regarding SolarWinds and the Sunburst attack as with all new attacks. We do this to ensure we have a clear understanding of the potential threat to our customers and to build better innovative detection mechanisms, maintaining a prime position to support our customers as a true extension to their team.

First identified in late 2016, 'Trickbot' evolved from being a well-established banking trojan into a malware-as-a-service (MaaS) threat utilized by both cybercriminals and nation-state threat actors for predominantly financially motivated campaigns. Supporting modular components, Trickbot campaigns will differ based on the requirements of the MaaS 'customer' with many being used to steal personal and financial data as well as deploying ransomware threats, such as 'Conti' and 'Ryuk', to victims.