Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Seven steps to close coverage gaps with ASPM

The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.

Phishing Attacks Impersonating Big Brands Starts to Zero in on Just One Brand

The latest data on brand phishing trends shows one brand dominating quarter over quarter, but also continuing to take on a larger share of the brand impersonation. Take a guess which brand tops the list as the most impersonated in phishing attacks? If you guessed Microsoft, you’d be right. You’d also have been right last quarter, and the quarter before that – according to Check Point Research.

Reflecting on 2024: Key Cybersecurity Trends and ThreatQuotient Milestones

This year, organizations increasingly recognized the importance of cybersecurity automation. According to our 2024 Evolution of Cybersecurity Automation Adoption report, 80% of senior cybersecurity professionals now consider automation crucial, up from 75% last year. Notably, 39% have secured new budgets specifically for automation, highlighting a strategic shift towards more efficient and scalable security operations.

Protecting Your Business from Web Scraping as a Service

Since the early days of the World Wide Web, automated scripts known as bots have been crawling cyberspace, collecting data for various purposes. Initially, these bots were designed to be helpful, cataloging information much like search engines such as Google and Bing do today. However, the volume of automated requests has grown significantly. Today, bots account for a substantial portion of web traffic, costing businesses considerable resources to handle unwanted or malicious requests.

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.

Grow Your MSP Practice with SecurityScorecard MAX

Managing vendor security is a growing challenge for MSPs. Clients expect you to deliver enterprise-grade protection across their entire supply chain. However, many struggle with limited resources, manual processes, and the complexity of addressing third-party risks. SecurityScorecard MAX turns this challenge into an opportunity, helping you protect your clients while driving recurring revenue for your business.

A Comprehensive Guide To The NIST Cybersecurity Framework

Businesses are turning to structured cybersecurity approaches like the NIST Cybersecurity Framework (CSF) to protect data from breaches. Especially since the latter’s cost is expected to reach $10.5 million in 2025. The CSF’s core functions (Govern, Identify, Protect, Detect, Respond, Recover) can help mitigate digital risks.

Security Culture: Moving Beyond Basic Awareness Training

By James Rees, MD, Razorthorn Security The landscape of cybersecurity awareness has changed dramatically in the last 25 years. What began as simple password guidance and basic IT training has evolved into a complex web of security challenges that organisations must navigate daily. Back in December 1999, the world held its breath waiting for the Y2K bug to wreak havoc on computer systems globally.