Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

Organizations are constantly on the lookout for more efficient, streamlined solutions to bolster their security posture.

“Trust takes years to build, seconds to break, and forever to repair.” The road to becoming a trusted partner to your customers has no shortcuts. As you review your portfolio, filled with various network and IT security solutions you’ve accumulated over the years, you believe each fulfills the needs of your customers. Each solution represents significant investments in resources and efforts to stay competitive and succeed.

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training tools. In this blog post, we'll present a curated list of such APIs, each with its own unique set of characteristics.

Snowflake is a fully managed data platform that enables users to store, process, and analyze large volumes of data across their cloud environments. Recently, Datadog’s Security Research Team posted a threat hunting guide to help defenders ensure the security of their Snowflake instances.

When we look back–in six months, 12 months, or even several years–at the global IT outage that severely disrupted major industries around the world, I don’t think that it will be hyperbole to say that July’s global outage is a watershed moment for IT. Just as the SolarWinds breach was security’s watershed moment, this will end up being IT’s.

While identity and access management (IAM) has always been vital to cybersecurity, its prominence has grown as IT networks have become more complex and businesses have embraced cloud computing. Indeed, a robust IAM strategy is imperative for all organizations today to reduce the risk of costly security breaches, compliance penalties, and business disruptions.

Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is on the 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.