Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A potential security risk in the npm ecosystem known as “manifest confusion” has recently been spotlighted in a blog post by Darcy Clarke, a former Staff Engineering Manager at GitHub. Clarke mentioned that JFrog Artifactory seems to replicate this issue, so of course we investigated it right away. In this post, we will explain what the issue is and what it might mean for JFrog Artifactory users.

Security compliance programs help your organization identify, implement, and maintain appropriate security controls to protect sensitive data, comply with laws and contractual obligations, and adhere to the standards, regulatory requirements, and frameworks needed to protect customers and enable the business to succeed. ‍ In other words, with a security compliance program in place, companies are able to demonstrate that they meet designated security requirements and objectives.

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense (DoD) certification framework that aims to protect sensitive information handled by Defense Industrial Base (DIB) contractors by establishing a set of cybersecurity standards and best practices to follow. DIB partners often handle critical DoD information and other government data to operate, which typically has various levels of sensitivity and classification.

When the Nevada Revised Statutes Chapter 603A (Nevada Privacy Law) was first proposed, it only required businesses to notify consumers in the event of a data breach. Since then, the law has been expanded and amended on several occasions. Today, the law grants resident consumers various privacy rights and requires operators and data brokers to adhere to strict data protection regulations.

Finding the perfect cybersecurity SaaS solution can be difficult considering the numerous factors that must be considered, such as the industry your organization operates in, the number of vendors your organization manages, the budget available to find a suitable security solution, and the specific use cases for your organization. Part of the selection process is to trial many different products so you can compare multiple services and find the best solution for your organization’s needs.

Microsoft was the most impersonated brand in phishing attacks during Q2, 2023, according to Check Point’s latest Brand Phishing Report.

A new report focused on the healthcare sector sheds light on the state of cyber attacks in the European Union, including the types of attacks, who’s targeted, motivations, and who’s responsible. The newly-released Health Threat Landscape report from the European Union Agency for Cybersecurity (ENISA) is the first analysis completed by the agency and covers incidents from 2021 through March of 2023.

The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023. In the latest advisory from the IC3 entitled “Business Email Compromise: The $50 Billion Scam,” there was a 17% increase in losses from BEC attacks in 2022.

Nightfall’s recent “State of Secrets” report uncovered that collaboration, communication, and IT service tools have the highest risk of data exposure, particularly in industry-leading SaaS apps like Slack and GitHub. This trend highlights an incredibly pervasive (yet often overlooked) risk in cloud cybersecurity: Data sprawl.

Hillsborough County is a location in the middle of Florida, with a current population of approximately 1.4 million. The county is tasked with managing and protecting the information of a huge number of people, and it failed to do so recently. It was hit by a data breach that lost personal and medical information for thousands of people. The breach could result in several consequences, such as identity theft, financial loss, and long-term problems for some of these victims.