Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Adversaries Are Using Automation. Software Vendors Must Catch Up

We won’t start yet another blog yammering about how bad the consequences of an attack are. There’s a lot on the line, including both financial and reputational losses. You get it. We get it. Cybercriminals definitely get it. Another thing cybercriminals get is automation. Attacks are up and their rise is expected to continue, in no small part due to the fact that attackers are using automation to scale their criminal enterprises.

How Supply Chain Attacks Work - And What You Can Do to Stop Them

Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools and strategies you can start using immediately to assess your own supply chain security and put defenses in place to keep your supply chain protected.

The CISO's Guide to AppSec Innovation

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one.

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Operationalizing DevSecOps Roundtable

DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps teams and developers face in operationalizing security into their workflows and processes, what’s taking so long to do so and how AI and automation can help.

Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.

AWS and Mend.io Webinar: Five Principles of Modern Application Security Programs

Organizations of all kinds are experiencing increasing volumes, frequency, and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a resilient AppSec strategy that can reinforce trust, reliability, and security when faced with adverse conditions.

Happy second birthday, Kubescape!

Guest post originally published on Kubescape’s blog by Ben Hirschberg. Co-Founder and CTO at ARMO and a Kubescape maintainer. What do you get a piece of software for its second birthday? A brand new blog, of course! And cake. More on the cake later. Kubescape is an open-source Kubernetes security platform that helps you identify and fix security risks, misconfigurations and vulnerabilities in your Kubernetes clusters.