Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the evolving landscape of software development, where dependencies and third-party packages are increasingly baked into the fabric of our applications, understanding and managing the risk associated with these components has become paramount.

The ever-evolving cybersecurity threat landscape make the competent authorities adapt to reality by establishing new security regulations and laws. According to Forbes Advisor in 2023, there were more than 2K cyberattacks with more than 340 million victims all around the world, which made a significant increase of 72 % in data breaches since 2021.

Scammers use psychology to create some of the most convincing internet cons – here's how to advise your customers on what to watch out for.

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them.

Nearly 50 million healthcare records were compromised in 2022, highlighting a dire need for proactive data security measures in this rapidly evolving digital landscape. For healthcare entities storing ePHI (Electronic Protected Health Information), a comprehensive HIPAA Risk Assessment is a foundational step towards protecting sensitive data and ensuring compliance. Furthermore, establishing robust Business Associate Agreements (BAAs) is a HIPAA mandate; failure to do so invites substantial penalties.

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications.

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

In the rapidly evolving AI landscape, the principle of least privilege is a crucial security and compliance consideration. Least privilege dictates that any entity—user or system—should have only the minimum level of access permissions necessary to perform its intended functions. This principle is especially vital when it comes to AI models, as it applies to both the training and inference phases.

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique. To protect against unauthorized access, it's essential to establish rules and policies for authenticating and authorizing users.

According to Cybersecurity Ventures, the cost of cybercrime is expected to surge by 15 percent annually over the next five years, soaring to a staggering $10.5 trillion annually by 2025, up from $3 trillion in 2015. This exponential growth underscores the urgent need for a comprehensive understanding and proactive defense against the myriad of cyber threats looming on the horizon.