Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The more technology your organization adopts, the more exposed it becomes to third-party risks. Consider these statistics: Organizations have responded to these risks by implementing robust third-party risk assessment procedures. However, a common mistake is to view vendor risk management as a one-time activity, typically conducted prior to onboarding a new vendor. Since third-party risks are constantly evolving, it's crucial to evaluate vendor security at every phase of the vendor lifecycle.

Many enterprises today are exploring the benefits of Secure Access Service Edge (SASE). SASE is a modern networking and security solution for enterprises that converges SD-WAN and network security solutions like NGFW, IPS, and NGAM. SASE provides a single, unified and cloud-native network and security service that is adapted to current and future technology and business needs.

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted.

Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the NuGet repository other than spam packages used for spreading phishing links. As with other repositories, the JFrog Security Research team regularly monitors the NuGet repository for malicious packages, including manual analysis of suspicious code.

From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears this out: according to the CrowdStrike 2023 Global Threat Report, 80% of attacks use compromised identities, while advertisements for access broker services jumped 112% in 2022.

From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity. These shifts have redirected the automotive industry, meeting and surpassing customer expectations for what vehicles should accomplish.

When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed to be a fundamental tenet of managing information security – the need for annual policy reviews.