ADC vendor landscape is experiencing a significant change as a result of acquisitions and shifting portfolio priorities among the two largest ADC vendors. That is bringing about uncertainty with customers who have relied on these vendors for their mission-critical application infrastructures. Businesses are built on applications, and for digital-first businesses, they are critical for driving revenue and delivering a positive customer experience.

Most websites do not have their own individual server, instead they share a server along with multiple other websites and applications. All websites hosted from this server will therefore have the same IP address. This can be problematic as the server can’t differentiate which website to serve if many websites are hosted on the same IP address and port. It will serve the default website regardless of the requested domain.

When former University of Tennessee women’s basketball coach Pat Summitt retired in 2012, she had more wins than anyone in college basketball history. And yet, when asked about winning, the Vols legend is famously quoted as saying: “Winning is fun … Sure. But winning is not the point. Not giving up is the point. Never letting up is the point. Never being satisfied with what you’ve done is the point.”

Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter, was disclosed on January 31, 2024 and assigned a CVSS of 7.8 (High). If successfully exploited, it could allow threat actors to achieve local privilege escalation. While there was no evidence of active exploitation at the time of disclosure, we have since observed adversaries targeting CVE-2024-1086 in the wild.

Talking to fellow CISO’s around the globe - and in particular Europe - the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the latest regulation shaking up the region. NIS2 is much more than an update though—it's transforming the cybersecurity landscape of the EU.

Let’s take a deep dive into app permissions and privacy this summer.

Imagine a scenario where an attacker, unnoticed, gains access to your cloud infrastructure, manipulating identities and permissions to steal sensitive data or disrupt operations. In the rapidly evolving world of cloud computing, managing and securing cloud identities has become more critical than ever. Identity-based threats are growing exponentially, and traditional security measures are no longer sufficient.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that a company depends on for a particular first-party service (such as their website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

To address the need for streamlined code changes and rapid feature delivery, CI/CD solutions have become essential. Among these solutions, GitHub Actions, launched in 2018, has quickly garnered significant attention from the security community. Notable findings have been published by companies like Cycode and Praetorian and security researchers such as Teddy Katz and Adnan Khan.

Onboarding is perhaps the most precarious phase of the Vendor Risk Management process. A single oversight could expose your organization to dangerous third-party security risks, increasing your chances of suffering a data breach. This post explains how to bolster the most vulnerable access points of the vendor onboarding process to help you securely scale your VRM program.