Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Learn more about the various sources of exposed secrets beyond source code repositories. From CI/CD systems to container images, runtime environments to project management tools, uncover the risks associated with storing secrets in these sources.

Technology has greatly transformed the automotive industry, bringing both advancements and new challenges. The reliance on connectivity and software in cars has opened the door to cyber threats, making cybersecurity a crucial concern for the automobile industry. With the increasing complexity of modern cars, there are now around 150 Electronic Control Units (ECUs) and an astonishing 100 million lines of code. Even simple functions like opening car windows require multiple software systems.

If you’re starting your SASE evaluation journey, Gartner is here to assist. In a new helpful guide, they delineate how organizations can build their SASE strategy and shortlist vendors. In this blog post, we bring a short recap of their analysis. You can read the entire document here.

Kubernetes has become one of the most popular platforms for running cloud-native applications. This popularity is due to several factors, including its ease of use and ability to handle stateless applications. However, running stateful applications, such as databases and storage systems, on Kubernetes clusters is still debatable. In other words, does Kubernetes and its containerized ecosystem provide a solid and reliable infrastructure to run such critical applications?

Staying one step ahead of cybercriminals is absolutely vital in today’s threat landscape. That's why we're thrilled to introduce PhishER Plus, a revolutionary product from KnowBe4 that takes your anti-phishing defense to a whole new level. Phishing attacks remain the top cyberthreat out there. It's tough to keep up with the ever-evolving techniques of bad actors.

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack. We’ve seen email attachments being used in cyberattacks for decades now, so it shouldn’t come as a surprise to anyone working in an office that a strange attachment type may be malicious. And yet, this trend continues, despite threat actors changing which types of attachments to use.

Seeking very large paydays, Vendor Email Compromise (VEC) threat actors are finding out what works and repurposing their content and processes to increase chances of seeing a massive payout. VEC is a form of Business Email Compromise (BEC) where an email account isn’t just impersonated (e.g., using someone’s name, a lookalike domain, etc.) but actually compromising credentials and taking over an account of someone within an organization.

A recap of Q2 from Cisco Talos’ incident response services provides insight into exactly what kinds of attacks are being seen in the field, and what kinds of attacks you need to be protecting against. While I love covering industry reports here, I also love to see practical experiences from the field summarized into trends. And that’s exactly what we find with Cisco Talos Incident Response’s Incident Response trends Q2 2023 recap.

Many of us have received a phone call or other notification from a credit card company telling us that they’ve detected suspicious activity on our card. Was it us? Did we just spend $500 at that big box store up the road? No? Thank you; there’ll be no charge. Or, if that was you, then you need take no further action.

A few weeks ago, GitHub posted on their blog a recent security alert that should have any organization in the tech industry worried. GitHub identified a social engineering campaign that is targeting personal accounts of employees that work for technology firms. This campaign is using a combination of repository invites and malicious npm package dependencies to strike.