Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024 at 08:12AM
Developers often rely on open-source components, which account for the majority of modern software. However, vulnerabilities often stem from these components. GitGuardian’s Software Composition Analysis (SCA) enables developers to scan for CVEs before committing code, ensuring early detection and prevention of known vulnerabilities. GitGuardian SCA is available for a 2-week …

Palo Alto Networks Teams Up With IBM, Acquires QRadar SaaS Assets

May 16, 2024 at 07:10AM
Palo Alto Networks and IBM announced a partnership to provide cybersecurity solutions and consulting services. IBM will expand its use of Palo Alto’s security platforms and train security consultants. IBM Consulting will be a preferred MSSP for Palo Alto customers, and the companies will set up a joint SOC and …

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings

May 15, 2024 at 05:36PM
Palo Alto Networks and IBM have announced a partnership to deliver AI-powered security outcomes for customers, offering comprehensive security platforms underpinned by AI. As part of the partnership, Palo Alto Networks will acquire IBM’s QRadar SaaS assets, subject to closing conditions. Both companies aim to accelerate growth and innovation in …

SolarWinds 2024: Where Do Cyber Disclosures Go From Here?

April 25, 2024 at 10:04AM
The article covers the SEC’s indictments of SolarWinds and proposes a remediation safe harbor for cybersecurity incidents. It discusses the discrepancy between SolarWinds’ public cybersecurity statements and its internal knowledge of risks, highlighting the need for better cybersecurity disclosures. The author suggests CISOs should have more control over and involvement in company …

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

April 16, 2024 at 10:36AM
New cybersecurity research reveals that CLI tools from AWS and Google Cloud can expose sensitive credentials in build logs, posing risks to organizations. Microsoft has addressed the issue, while Amazon and Google consider it expected behavior, advising organizations to avoid storing secrets in environment variables and use a dedicated secrets store …

Code Keepers: Mastering Non-Human Identity Management

April 12, 2024 at 07:51AM
The article discusses the growing importance of managing non-human identities in today’s technology landscape. It highlights the potential vulnerabilities and security risks associated with these identities and provides insights into the necessary features for managing them effectively, emphasizing the need for comprehensive visibility, real-time monitoring, centralized governance, and vulnerability detection. …

Tips for Securing the Software Supply Chain

April 9, 2024 at 01:52PM
Software supply chain attacks are a growing concern for CISOs due to their ease of execution and high payoff for attackers, posing significant risks to organizations. These attacks, whether widely known or obscure, create considerable risk and require comprehensive security strategies. Experts recommend managing vendor risk, implementing security frameworks, software …

Acuity confirms hackers stole non-sensitive govt data from GitHub repos

April 5, 2024 at 11:39AM
Acuity, a federal contractor, confirmed a breach of its GitHub repositories by hackers who stole old and non-sensitive data. The firm provides tech consulting and cybersecurity services to U.S. government agencies. The breach is under investigation by the U.S. Department of State after leaked data allegedly included information from various …

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

March 21, 2024 at 10:52AM
Researchers at JFrog have uncovered over 800 npm registry packages with discrepancies from their registry entries, 18 of which exploit a technique called manifest confusion. This technique can trick developers into running malicious code by supplying a different manifest with hidden dependencies during installation. They stress the importance of verifying …

It’s 10PM, Do You Know Where Your AI Models are Tonight?

March 1, 2024 at 04:08PM
The explosive growth in AI will immensely complicate software supply chain security. AI and ML models, integral to AI applications, contribute to the complexity. Developers must understand and secure these models, but existing security tools are ill-equipped for this task. Consequently, a new approach called MLSecOps is needed to address …