The cybersecurity world is no doubt aware that the National Vulnerability Database (NVD) has been experiencing issues over the last three months.

Secure code ensures the Internet runs smoothly, safely, and securely. This includes examples from our banks to online stores, all through web applications. With web application penetration testing, secure coding is encouraged to deliver secure code.

Cyber resilience is becoming increasingly complex to achieve with the changing nature of computing. Appropriate for this year’s conference theme, organizations are exploring “the art of the possible”, ushering in an era of dynamic computing as they explore new technologies. Simultaneously, as innovation expands and computing becomes more dynamic, more threats become possible – thus, the approach to securing business environments must also evolve.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A request for an eye watering amount received an obvious rejection.

As technology becomes more complex, the need for strong cybersecurity measures has never been more critical. Statistics speak for themselves – according to the 2023 Annual Data Breach Report, the world has seen a 78 percent increase in 2023 in data compromises compared to the previous year. The reasons can be different – from human mistakes and ransomware to security misconfigurations.

It’s been a while since I’ve blogged. Things have been busy; Bitsight released a great report authored by yours truly on CISA’s KEV catalog. It’s really great if I do say so myself so I highly recommend going and giving it a glance.

The last 12 months have witnessed a rapid-fire round of innovation and adoption of new technologies. Powerful new identities, environments and attack methods are shaping the quickly changing cybersecurity threat landscape, rendering it more complex and causing the diffusion of risk reduction focus. New CyberArk research indicates that the rise of machine identities and the increasing reliance on third- and fourth-party providers are deepening the existing threats and creating novel vulnerabilities.

An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in areas where organizations lack visibility.

A third-party risk assessment pulls risk vendor risk data to help cybersecurity teams understand how to best mitigate supplier risks. Though the field of Third-Party Risk Management (TPRM) is evolving to prioritize compliance, security, and supply chain risk, third-party risk assessments could also be used to uncover an organization’s exposure to financial, operational, and reputational risks stemming from its third-party network. Learn how UpGuard streamlines Third-Party Risk Management >

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?