Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory was later published, summarizing the affected products and remediation. This vulnerability affects several credential management products including ManageEngine PAM360, ManageEngine Access Manager Plus, and ManageEngine Password Manager Pro.

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen. Unfortunately, these methods may not be enough to satisfactorily address the threats in question.

85% of Machine Learning (ML) projects fail. This stark reminder from Gartner – despite more tools being available to businesses than ever. The thing is ML success is not just about tools and technology; it’s about how they’re put into production by experts. Plural. Machine Learning – that improves productivity and profitability by finding valuable insights buried deep in your company databases – needs a small army to leverage it.

At this point, it’s not too much to say that open source software runs the world. The GitHub Octoverse 2022 report shows that 90 percent of companies use open source, which appears in the vast majority of applications today.

On January 4, CircleCI, an automated CI/CD pipeline setup tool, reported a security incident in their product by sharing an advisory.

The System and Organization Controls, or SOC (sometimes referred to as service organizations controls), are the required security control procedures set as non-mandatory, internationally-recognized standards that help businesses measure how SaaS companies and service organizations manage data and sensitive information. Organizations or businesses that have successfully passed the SOC auditing process can attest to the quality of their security controls for regulating customer data.

User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to a computer by prompting the user for permission before allowing certain actions to take place.

CrowdStrike Falcon® LogScale dashboards are great for monitoring your data with all kinds of visualizations. You can choose between a range of nice charts and arrange your dashboards for wall monitor display or exploring your data. Sometimes, however, you need other ways to explore or present your data. You may want more control of the shape of your data, or you may want to create small tools tailored to your organization’s environment and use cases.

After CircleCI breach, it is a good moment for any team relying on CI/CD infrastructure to review their pipeline security as there are some steps they can take to be proactive.

“Not your keys, not your crypto” is a common phrase in the world of digital assets, and for good reason. Private keys are the only information required to sign transactions and move your digital assets. Because of this, only trusted individuals or third parties should have access to your organization’s private keys. But how do you ensure this stays true as you grow your business, team, and network of counterparties?