Proper DDoS Protection Requires Both Detective and Preventive Controls

April 9, 2024 at 01:59PM The security profession uses preventive and detective controls to reduce risk. Preventive controls aim to lessen potential threats, while detective controls identify security issues post-incident. However, the prevalence of DDoS attacks underscores the need for more emphasis on preventive controls. Steps to enhance DDoS protection include vulnerability checks, staying nondisruptive, …

Veracode Buys Longbow Security for Automated Root Cause Analysis Tech

April 1, 2024 at 04:48PM Veracode has acquired Longbow Security, a startup focused on automating root cause analysis of security vulnerabilities, with financial details undisclosed. Veracode plans to use Longbow’s technology to assist security teams in rapidly discovering cloud and application assets, assessing threat exposure, and automating issue investigation and remediation. The acquisition aims to …

Pen test vendor rotation: do you need to change annually?

March 13, 2024 at 12:45PM Annual pen test vendor rotation seeks to maintain a fresh perspective on security. While it can uncover missed vulnerabilities and foster healthy competition, drawbacks include lack of consistency and high resource consumption. Penetration Testing as a Service (PTaaS) offers a sustainable alternative, providing continuous monitoring and insights while streamlining vendor …

Everything you need to know about NIS2

February 26, 2024 at 09:16AM The NIS2 Directive, effective October 2024, aims to enhance cybersecurity for critical infrastructure. It widens security requirements, extends coverage to more organizations and sectors, and imposes stricter measures and penalties. A webinar on 28 February will feature experts discussing the directive’s implications for application security and offering compliance advice. Register …

SAP Patches Critical Vulnerability Exposing User, Business Data

February 14, 2024 at 05:21AM SAP released 13 new and updated security notes addressing critical and high-severity vulnerabilities in its February 2024 Security Patch Day. The critical issue, CVE-2024-22131, allows unauthorized access and potential system unavailability. Customers are advised to apply patches promptly due to the risk of exploitation by threat actors targeting SAP products. …

How Changes in State CIO Priorities for 2024 Apply to API Security

February 13, 2024 at 07:29AM The National Association of State Chief Information Officers’ top 10 list highlights priorities for state and local governments in cybersecurity efforts, particularly in the realm of application security. Based on the meeting notes, it seems that the top 10 list from the National Association of State Chief Information Officers provides …

Using Wazuh to build a cybersecurity architecture with open source tools

January 17, 2024 at 10:07AM Cybersecurity architecture involves designing an organization’s approach to securing its information systems. It aims to establish a resilient defense against cyber threats. Leveraging open source tools offers cost-effectiveness and flexibility. Selecting tools like Wazuh, ClamAV, Suricata, pfSense, ModSecurity, VeraCrypt, OpenDLP, and OpenVAS helps build a robust cybersecurity architecture. Wazuh, in …

Has the Investment Bubble Burst in Israeli Cybersecurity?

January 10, 2024 at 12:12PM Funding for Israeli startups decreased by 60% in 2023, reflecting a broader decline in tech investments. The market correction is attributed to inflated valuations. Israeli cybersecurity startups raised $1.89 billion in 2023 compared to $3.22 billion in 2022. Experts anticipate a shift towards more realistic company valuations and increased focus …

Unmasking the Dark Side of Low-Code/No-Code Applications

December 18, 2023 at 05:52AM Low-code/no-code (LCNC) and robotic process automation (RPA) have gained popularity, but their security implications need attention. The accelerated pace of LCNC development poses unique security challenges. Security is often neglected, leading to compliance and governance issues. Nokod Security offers a centralized solution to address vulnerabilities and manage risks across the …

CISOs See Software Supply Chain Security As Bigger Blind Spot Than GenAI: Cycode

December 7, 2023 at 06:30PM Cycode released the State of ASPM 2024 report, the first of its kind, revealing that a majority of CISOs find current AppSec surfaces unmanageable. 90% see a need to improve security-dev relations, with software supply chain security being a critical oversight. Their ASPM platform, including newly announced ConnectorX, aims to …