The software supply chain is increasingly being weaponized by attackers seeking to compromise businesses and steal information.
Application security specialist Checkmarx is looking to combat this with the launch of a new product which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.
GitHub has issued a warning about "unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom" in a hack that took place back in December.
Users are being advised to ensure that they install the latest updates for the affected software, but there is currently no suggestion that GitHub.com has been impacted. With the attackers having stolen code signing certificates, GitHub is revoking the certificates for some versions of Atom and GitHub Desktop on February 2, so users should update before this date.
Much of our current IT infrastructure relies on DNS to safely route traffic. Securing that infrastructure is in turn heavily reliant on cryptography, but there's a threat looming on the horizon.
Quantum computing will offer a level of processing power that could render current cryptographic techniques obsolete, and that's a problem for the entire internet and networking world. We spoke to Peter Lowe, principal security researcher at DNSFilter, to discuss the possible impact of quantum computing on security and what can be done to address the threat.
Threat hunting takes a proactive approach to identifying the security issues an organization might face. But since it tends to be based on intelligence about current threats it can overlook new ones.
Now, though, Trustwave has enhanced its Advanced Continual Threat Hunting platform, resulting in a three times increase in behavior-based threat findings that would have gone undetected by current Endpoint Detection and Response (EDR) tools.
The latest report from the GuidePoint Research and Intelligence Team (GRIT) shows an increase in ransomware activity from Q3 2022 to Q4 2022, as rebranded ransomware groups significantly increased the number of publicly claimed victims.
No quarter of last year saw fewer than 569 total victims -- with the biggest lull occurring in late June and early July, most likely attributable to the shift from Lockbit2 to Lockbit3, although challenges in the cryptocurrency market may have also had an impact.
New research commissioned by Telstra shows 41 percent of UK technology leaders identify cybersecurity as an enabler of innovation within their organization.
The fallout from the COVID-19 pandemic has seen unprecedented levels of digital transformation. At the same time though an ever-evolving threat landscape means that security risks are on the rise, leaving organizations facing the difficult task of balancing rapid digitization with security.
A new survey of 1,300 CIOs and senior DevOps managers in large organizations finds it's getting harder for IT teams to maintain software reliability and security amid the rapid acceleration of digital transformation and rising complexity of cloud-native environments.
The study from Dynatrace finds 90 percent of organizations say their digital transformation has accelerated in the past 12 months. 78 percent of organizations deploy software updates into production every 12 hours or less, and 54 percent say they do so at least once every two hours.
The switch to remote and hybrid working has led to more people working from mobile devices and using cloud platforms.
This needs a security solution that 'follows' and protects corporate data wherever it flows or resides, and with the launch of its new Cloud Security Platform, Lookout does just that.
Thanks to improved security technology, most cyberattacks now rely on some element of social engineering in order to exploit the weakest link, the human.
Phillip Wylie, hacker in residence at CyCognito, believes CISOs now need to take a step back and focus on the overall picture when it comes to security. This includes securing internal and external attack surfaces, and testing the security of these environments, as well as educating employees about the risks.
A new survey reveals that 72 percent of organizations report insider attacks have become more frequent (a six percent increase over last year), with 60 percent experiencing at least one attack and 25 percent experiencing more than six.
The study by Gurucul and Cybersecurity Insiders gathered responses from over 320 cybersecurity professionals and finds 75 percent say they feel moderately to extremely vulnerable to insider threats -- an increase of eight percent over the previous year.
According to a new study, 33 percent of global organizations are not taking the threat of cyberwarfare seriously.
The report, from asset visibility and security company Armis, is based on a survey of over 6,000 IT and security professionals around the world and finds 24 percent feel underprepared to handle cyberwarfare. Indeed, the lowest-ranking security element in the eyes of IT professionals is preventing nation-state attacks (22 percent).
League of Legends publisher Riot Games has announced that it suffered a security breach last week. While it is not clear precisely what was compromised in the social engineering-driven attack, the company says that personal information and player data were not accessed by the hackers.
The impact of the hack is that key updates and patches for numerous titles will be delayed. In addition to League of Legends, games including Teamfight Tactics have also been affected, forcing developers to change the release schedule for hotfixes.
Introduced by the US military in the 1950s, Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts.
This technique has been translated to the cybersecurity world in recent years, but while the concept is strong, it's a complex strategy that has many drawbacks if not executed properly. We spoke with Avihay Cohen, CTO and co-founder of Seraphic Security, to find out more about how this concept is applied to today's cybersecurity strategies, its pitfalls and how to implement it successfully.
Although it has a reputation as a safe and secure operating system, Linux is not immune to malware. Indeed it's become an attractive target as increasing numbers of servers and other devices run Linux-based OSes.
Data analyzed by the Atlas VPN team, based on malware threat statistics from AV-ATLAS, shows new Linux malware threats hit record numbers in 2022, increasing by 50 percent to 1.9 million.
A barrage of new threats along with increasingly complex IT environments and a shortage of skilled staff make securing the enterprise and ensuring compliance more of a challenge than ever.
In order to help businesses visualize attack surfaces, understand security requirements and prioritize steps to mitigate threats across environments, ThreatModeler is launching a new cybersecurity asset marketplace.