Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Separation of Duties - Data Privacy and Security

Security and privacy often get conflated even though they are quite different things. When it comes to digital assets, security is often associated with organizations, while privacy is associated with individuals. The truth though is that both are important elements in any digital strategy and can impact both individuals and organizations.

What is the Xz Utils Backdoor: Everything you need to know about the supply chain attack

A week ago, on March 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that two versions of xz Utils were found to have been compromised. The xz Utils code had been tampered with to include a malicious “backdoor” that would ultimately give attackers the same level of control over affected systems as authorized administrators.

Two Effective Strategies to Reduce Critical Vulnerabilities in Applications

Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces. This blog details two effective strategies for identifying vulnerabilities in custom software applications so they can be quickly addressed.

Security Considerations When Using the Public Cloud

As we reach the end of our five-part series on “Secure Cloud Adoption in the Enterprise”, we thought it would be useful to summarize the discussion and also leave you with a few important things to consider when you make the decision to use the public cloud. Clichéd as it may sound, Security and Privacy are probably two of your most important security concerns in cloud computing as an IT executive.

The Cloud Storage and EU GDPR: Steps to Compliance

For those only just tuning into this conversation, the EU Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as law in April 2016 and comes into effect on May 25, 2018. And, if you’re an organization that does business in the EU or even has customers from those geographies, this could significantly change the way you do business.

The Difference Between Authentication Bypass and Unauthorized Access

The nature of cybersecurity risk has evolved dramatically over time, challenging traditional approaches to security. Historically, organizations have concentrated their efforts on fortifying assets they directly own, assuming that this strategy provides sufficient protection. Unfortunately, this narrow focus fails to acknowledge a fundamental truth: attackers operate without regard for ownership boundaries.

Large-Scale StrelaStealer Campaign Impacts Over 100 Organizations Within the E.U. and U.S.

A new campaign of StrelaStealer attacks identified by security analysts at Unit42 has been spotted targeting E.U. and U.S. organizations. This somewhat new infostealer has evolved to be even better at evading detection in a new string of campaigns aimed at stealing email credentials from well-known email clients.

Product Security Plans: What They Are and Why They Matter

A product is only as secure as its weakest link. That is why many talented security engineers and researchers recommend embedding security as early in the software development life cycle (SDLC) as possible, even from the very first line of code. Or better yet, even before the very first line of code, during the threat modeling and architecture phase. Smart people have been saying this for a very long time. So, why does product security still remain difficult?

CVE-2023-2033: What is it, and how to fix it?

Zero-day vulnerabilities are the surprise no developer wants to get. Because these security flaws are unknown to developers, they have zero days to prepare or mitigate the vulnerability before an exploit can occur. 62% of vulnerabilities were first exploited as zero-day vulnerabilities, so they are far more prevalent than we think. Even Google Chrome can attest to that after discovering a series of zero-day vulnerabilities that left its billions of users at risk in 2023.