Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s Valentine’s Day and love is in the air. Flowers, candy, cards and dinner are some of the classic ways we show our love on this day. But as an increasing number of people look for love online, it’s a good time for a reminder that more people lose more money in online romance scams than in any other fraud category. According to the FBI, over the past five years $1.3 billion in losses have been reported, with annual losses skyrocketing since the pandemic.

In this episode of Future of Security Operations, Thomas speaks with Jacob DePriest, VP & Deputy Chief Security Officer at GitHub, a company with a mission "to help every developer - regardless of experience level - learn, code, and ship software effectively." Before joining GitHub, DePriest spent more than 15 years as a senior executive at the National Security Agency (NSA) in the US.

In December 2022, the FCC opened a call for comment requesting stakeholders provide input on whether E-Rate program funds can be used to support advanced or next-generation firewalls and services, as well as other network security services. For those unfamiliar with the program, E-Rate is a Federal Communications Commission (FCC) program that provides funding to schools and libraries for telecommunications and internet services.

Securing modern-day production systems is complex and requires a variety of measures—from secure coding practices and security testing to network protection and vulnerability scanning. Scaling these solutions to keep pace with the speed of development teams can be difficult, resulting in sprawling workflows and disparate sets of tooling.

We are in early 2023, and we have over 2700 new vulnerabilities registered in CVE. It is still a challenge for developers to endure the fatigue of continually vulnerability prioritization and mitigating new threats. Our findings in the Sysdig 2023 Cloud-Native Security and Container Usage Report provide signs of hope for overburdened developers, as the data showed opportunities to focus remediation efforts on vulnerable packages loaded at runtime.

8220 Gang has been dubbed as a group of low-level script kiddies with an equally disappointing name based on their original use of port 8220 for Command and Control (C2) network communications dating back to 2017. Since an initial Talos report in late 2018, the group has continued to use, learn, and benefit from the efforts of their counterparts in the cryptojacking world.

Privacy is a fundamental human right. Full stop. At Internxt, we believe that what humanity can achieve is extraordinary and that our products should enable society to achieve excellence. Our cloud services should not only empower people but must also respect basic human individual rights. We are working to build a better, safer internet with respect for you, the user, at its core.

The latest on ESXiArgs ransomware attacks, new QakNote attacks pushing QBot malware via Microsoft OneNote files, and Biden’s attention to data privacy in the State of the Union.

Threat actors today are increasingly targeting the application layer, driving significant challenges for companies using traditional application security strategies. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions. But how?

Keeper Security and TrendCandy Research surveyed over 400 IT and security professionals to explore the common challenges that organizations face with their current Privileged Access Management (PAM) solutions. The results are conclusive. Not only are major components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for.