Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With flexible work environments now the norm, the use of endpoint devices has increased – whether your organization allows work-from-home days, hires freelancers, and collaborates through email and phone calls. Many employees require access to the corporate network to carry out their daily responsibilities, and endpoint devices allow employees to do just that. That said, endpoints have become one of the biggest attack vectors for cybercriminals since they are easier to target.

If you work in an organization, you’ve probably had to take a cybersecurity training course at some point during your time there. Regardless of whether you work in cybersecurity or not, most of us breeze through the slides or videos, halfway listening to the warnings about spear phishing emails and hacking tactics. We complete the training and then we tuck away the lessons learned until the next year when we have to do it all again.

No security team — at least no effective security team — can operate successfully in a silo. Even expert teams know the value of leveraging the power of the community to build effective security content, share intelligence, and keep current with best practices.

John Tuckner is a recognized leader in the field of security automation. As Principal Technical Program Manager at Tines, John helps new and existing customers identify more opportunities to leverage the platform, and enables them to build transformative automation workflows to improve their security operations.

From TVs to fridges to energy meters, more and more of the items we use every day are now smart devices. 87% of US households have at least one smart TV, up from 50% in 2014. And with ownership of smart speakers, thermostats, lights, and security systems also on the rise, it’s expected that smart homes will soon become the norm. This ever-expanding network of smart devices is known as the Internet of Things (IoT).

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from.

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for most HR functions. But something is different in 2022. More people are leaving organisations quicker than they did previously.

I recently wrote a blog post outlining what to do in the first 24 hours after you have been breached, and in my conclusion I mentioned that capturing the incident in a case study could help unlock budget in future. Today, I want to look at this in more detail, and consider the approaches you can take to analyse the cost of a breach in order to make a request for appropriate preventative spend.

CEOs, when it comes to your organization's security posture, you can never be too aggressive. And while there are many different security technologies and practices you can implement, penetration testing should be high on your list. Here's why penetration testing should be your favorite security tool.

Over the past several years, hackers have gone from targeting only companies to also targeting their supply chain. One area of particular vulnerability is company software supply chains, which are becoming an increasingly common method of gaining access to valuable business information. A study by Gartner predicted that by 2025, 45% of companies will have experienced a supply chain attack.