Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in conversation.

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Enterprises continue to embrace cloud technology, some driven by the desire to offload rising hardware costs and operational overhead, others enticed by the promise of scalable, on-demand, practically infinite capacity and capability only a few clicks away.

The impact of AI on cybersecurity continues to be a hot topic of discussion within the information security industry. Cyber-threats are rapidly increasing in volume. In part, this is because the attack surface for cybercriminals is huge, and it continues to grow and evolve at a lightning pace. Every year billions of cyber-attacks are launched with a wide variety of motives, and new threats with more sophisticated tactics or methods are trialed to bypass existing security systems.

Data loss can cause tremendous damage to a business. It diminishes trust in your brand and can lead to financial losses from lawsuits, fines for non-compliance, and theft of intellectual property. Data loss prevention (DLP) is the set of practices and tools designed to prevent data leakage through intentional and unintentional misuse. These practices and tools include encryption, detection, preventative measures, educational pop-ups, and even machine learning to identify vulnerabilities.

Our activities around sponsoring Open Source are not just limited to projects we rely on; we have also been supporting those that are important to the general Cybersecurity ecosystem and beyond. We're in this for the long haul and the most recent set of projects covers a very wide scope. We want to help ensure that everyone has sustainable Open Source for many years to come. Let's tell you about these new projects and why you should be aware of them.

The benefits of cloud computing are causing the adoption of cloud services by companies of all sizes to increase each year. The reduction of operating costs, time to market, ease of use, and reliability are some of the most significant benefits. However, the shared responsibility model must be taken into consideration. Cloud breaches are already everywhere and it doesn’t look like they’re going to slow down anytime soon.

In the latter part of December 2021, WhiteSource Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.

Just over three years ago, Joe DePalo joined Netskope as Senior Vice President of Platform Engineering. He had most recently led the infrastructure design and build-out at AWS, the world’s largest public cloud, and prior to that, engineering and operations for one of the largest content delivery networks (CDNs) at Limelight Networks.