During our recent webinar hosted by Device Authority’s Tyler Gannon and Imagination Technologies Marc Canel (Does new IoT security legislation make Zero Trust the only strategy?). We ran a poll asking attendees about their understanding of SBOM; one of the options was “SBOMs are a roadmap to the attacker”.

Open source got more open source-y. Kubescape API is now documented on Swagger, the OpenAPI standard. That’s it in a nutshell. Scroll down to read more about it. We’re excited to share that we made another important step as an open-source company. We have documented the APIs of our newly open-sourced services using Swagger, the OpenAPI standard. This will help you integrate, interact and develop for the Kubescape platform.

For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

TL;DR: AWS Object Lamba can authorize requests to S3. We can create an Object Lambda that calls Open Policy Agent (OPA) to get a policy decision. This delegation allows us to implement policies using Rego and manage them in Styra Declarative Authorization Service (DAS).

One of the primary challenges that our security analysts encounter is where and how to best use their time. Monitoring and reviewing the constant influx of data and alerts produced by our client’s networks whilst also finding the time to keep on top of trending and emerging threats is no mean feat, and not particularly conducive to a healthy work-life balance…

Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of security in AI is largely overlooked, and with the increasing number of cyber threats and attacks, AI security serves as a crucial element that should be paid attention to.

Google Play is every Android’s first go-to option for downloading apps. However, even this ever-famous application portal isn’t free from malicious apps directed toward conning the installers. A renowned security firm, Malwarebytes Labs, has warned users against downloading and using these top four applications, which have collectively garnered 1 million downloads. Per the security researchers at the firm, these apps hide Trojans, which serve adware and direct users to phishing sites.