Today, open source software provides the foundation for the vast majority of applications across all industries, and software development has slowly moved toward software assembling. Because of this change in the way we deliver the software, new attack surfaces have evolved and software security is facing new challenges inherent with dependency on open source software.

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

A new long-running phishing campaign, allegedly originating from Vietnam and active since 2018, is targeting professionals on LinkedIn with the final objective to compromise their corporate Facebook accounts.

Being online means that we are constantly interacting with others and sharing information across borders. It also means that Google is tracking you. This virtual international travel creates countless opportunities for cybercriminals to access our personal data. If you dive into how the internet works and how to protect your privacy, you’ll start to hear the word cybersecurity a lot. But what is cybersecurity exactly? Is cybersecurity hard?

One of the best ways to stay up to date on how mobile devices affect your organization's security is by reading the Mobile Security Index (MSI) by Verizon. Lookout is a long-time contributor to the report, including the 2022 edition that was just published. This year’s MSI is especially interesting, as it dives deeper into the interconnectivity that now exists between endpoint devices and cloud applications.

The internet of things (IoT) is a system of interconnected computers, devices, digital machines, and objects, all marked with unique identifiers (UIDs) and enabled to transfer and share data over a network. It was first coined by Kevin Ashton in 1999 when he envisioned a future where things communicated with each other, apart from human interaction With the evolution of web-enabled smart homes and smart devices in nearly every corner of life, IoT attack surfaces begin to emerge.

A recent survey of nearly 2,000 IT professionals found that while most (85%) enterprises believe cloud technologies are critical to innovation, only 40% actually have a security policy in place. On top of this, almost half of the respondents using cloud infrastructure reported their engineers and developers circumvent or ignore cloud security and compliance policies, demonstrating the importance of automation and monitoring technology.

Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

If you are considering Azure Files as the persistent storage for your Azure Kubernetes Service (AKS) applications, there are important considerations around AKS backup and recovery with implications on how you can perform Dev, Test, and Staging. This article outlines these data management considerations in detail and how to work around Azure Files limitation to achieve feature parity with using Azure Managed Disks.