Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this month, a group of researchers at the University of Cambridge published an academic paper, with an accompanying website, on a new type of potential vulnerability that could appear in source code. They called it Trojan Source.

On July 19, 2021, The Board of Governors for the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released their proposed interagency guidance around third-party risk management. SecurityScorecard submitted comments in response to the proposal urging the agencies to include the adoption of security ratings to mitigate the cyber risk to financial institutions introduced by third-party vendors and suppliers.

Supply chain logistics have been the backbone of global trade for hundreds of years. Extending the same concept, with the added digital components gives birth to supply chain cyber security risks. Supply chain cyber security is a topic that has come into the limelight for the last couple of years.

Configuration management (CM) is a process that helps maintain the consistency of software versions and configurations across various environments. It is usually associated with the concept of change control. Configuration management systems help ensure that changes to an application are correctly documented, authorised, tested and deployed in a controlled manner to avoid errors.

In late August 2021, a major data leak exposed where 38 million private records through Microsoft’s Power Apps portals, a powerful low-code tool that enables both professional and citizen developers to create external-facing applications. The misconfiguration was discovered by the research team at UpGuard and is now well-known as one of the most severe low-code security incidents to date.

Iranian government-sponsored advanced persistent threat (APT) actors are exploiting known Microsoft and Fortinet vulnerabilities to attack targets with ransomware in the transportation, healthcare and public health sectors, according to an alert issued on Nov. 17 by the Cybersecurity and Infrastructure Security Agency (CISA).

The risk of config drift is ever present. And when you consider that modern enterprises have incredibly complex and ever-changing networks with thousands of devices, from routers to firewalls to switches, running billions of lines of config, it’s easy to understand why. Networks are constantly being changed by people - who though well intentioned - make mistakes. A configuration change that accomplishes the immediate goal may take the network out of compliance, but how would anyone know?

With the new year just around the corner, the world of business is set to see great change. From 5G and the Internet of Things to the blockchain, new technology trends are creating a digital transformation for companies on a global level. In this article, we’ll take a look at the latest trends in technology to keep an eye out for in 2022 and beyond.

CalCom has joined the Center for Internet Security Inc. (CIS®) as a CIS SecureSuite Product Vendor Member. Membership allows product vendors the right to integrate the CIS Benchmarks™ and the CIS Controls® content into their security product and service offering(s). CIS Benchmarks and the CIS Controls are globally recognized standard best practices for securing IT systems and data against the most pervasive cyber-attacks. “We see the collaboration with the CIS as only natural.