Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Understanding OWASP Top 10 Client-Side Risks

Websites rely heavily on client-side code to deliver interactive user experiences. Unlike server-side code, which is protected within an organization’s infrastructure, client-side code runs in the user’s browser and is exposed to various risks such as data theft and JS injection. Recognizing the unique challenges of securing client-side code, OWASP has created a dedicated Top 10 list for client-side security risks.

How to Prevent Malware Attacks from Impacting Your Business

A robust malware prevention and detection strategy is critical to cyber security and cyber resilience today. After all, a single malware infection can inflict serious financial damage — from business disruptions and remediation costs to lasting reputational damage and customer churn. To help, this blog explains the types of malware organizations need to defend against and the common vectors for deployment.

On-Prem and Kubernetes: A delicate relationship

In cloud security, context is everything. In the previous two installments of our Customers Care Chronicles, we wrote about how a security vendor needs to be a true business partner and the potential headaches when migrating tools in the cloud. In this installment, we tackle another non-security concept that happens to be crucial for security: environment.

The Downloadable Risk Assessment Template for Cybersecurity [XLS]

Every day, new headlines emerge about another major corporation falling victim to a cyberattack, leaving businesses everywhere questioning their vulnerabilities. These breaches underscore the critical need for thorough risk assessments to identify and mitigate potential weaknesses. Proactively managing risks enables organizations to better defend against the relentless wave of cyber threats.

August Release Rollup: PDF Document Comparison, Content Classification Policy Recommendations, Knowledge Base Updates and More

We’re excited to share new updates and enhancements for August, including highlights: For more information on these updates and others, please read our complete list below and follow the links for more detailed articles.

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America. Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error. It’s readily evident that ransomware is only growing as a threat. But a new infographic from ERP Cybersecurity vendor Onapsis covering the state of ransomware provides some context on just how critical the threat is right now: The most shocking stat is that in 81% of attacks, human error was involved in the successful execution of the ransomware.

U.S. Experiences 52% Increase in the Number of Ransomware Attacks in One Year

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. One would think there would be a slowdown in the number of ransomware attacks due to the amount of threat intelligence and best practices to mitigate this threat.

Software supply chain risk assessment: 8 steps to a secure SDLC

Like any chain, a software supply chain contains many links. These links consist of every actor involved in the development & deployment of your code in the Software Development Life Cycle (SDLC). An actor can be the developers, infrastructure components, and even repositories like GitHub. A company might have a very secure supply chain. However, it will only be as strong as its weakest link.

Evolution of Attack Surface Management

While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management.