As businesses adopt emerging technologies like AI and VR, professional lives are growing more connected to the internet and, therefore, the world. While this can drastically improve efficiency and contribute to business growth, it has also led to a rise in cyber-attacks — and not just for tech companies. Cybercrime is affecting industries beyond tech, … Read more
Humans have long been the weakest link in an organization’s cybersecurity infrastructure. Statistics reveal that human errors such as misconfigurations, secret leakage, and bad data hygiene cause 95% of data breaches. Hackers rarely find their way into a system through brute force attacks; in fact, the most commonly known strategy is phishing attacks that help … Read more
The world is filled with hackers and other criminals who hunt the web for unprotected small and medium-sized businesses. Cybercriminals understand that many businesses are not equipped to manage a breach, leaving them more vulnerable to attacks and less likely to respond. But that doesn’t mean your company has to remain passive in the fight … Read more
Perhaps one of the best Black Hat talks in recent years was renowned web security researcher Orange Tsai’s presentation about bypassing Server-Side Request Forgery (SSRF) defenses. Together with his team, Tsai proposed a “very general attack approach” to discover numerous zero-days in built-in libraries of widely-used programming languages including Java, PHP, Python, Perl, JavaScript and … Read more
Widespread transition to remote/hybrid work creates vast opportunities for cyber attackers. With much more data being stored in the cloud and employees toiling away in less-secure home-office environments, ransomware attacks have skyrocketed. All told, ransomware struck 66% of midsize organizations in 2021, up from 37% the previous year according to the State of Ransomware 2022 … Read more
Cybersecurity news is a curious thing. For the most part it’s bad news. Companies have been breached, risks are ever increasing and another billion-dollar crypto raid is under investigation. Feels like we have enough to be worried about in 2022 without adding more. Application security is a category within a category and has been top … Read more
What happens when two distinct teams with varied technological expertise, different incentive structures and contrasting priorities converge?—the answer is usually tension. During a recent discussion with colleagues, a completely different result was experienced. ‘Camaraderie’ is the word that immediately comes to mind when thinking about the veteran DevSecOps/engineering and security leaders. Sure there are still … Read more
In the past, women’s role in the tech industry has been underrepresented, however, women have long been active in information security. Their contributions are often overlooked and under-appreciated. Perhaps because women’s stories aren’t told as often as men. Many cybersecurity professionals are unaware that women have been shaping and protecting our data for decades. Despite … Read more
The Russian invasion of the Ukraine was bound to have a part of the conflict rooted in cyberspace. The rise of crowdsourced security in the current war has taken an interesting turn.
Security is a part of the Software Development Life Cycle (SDLC) that needs to be made a part of every cycle process, especially deployment. Secure software deployment does not start when the software is being deployed; it starts way back when the first line of code is written. Here are some secure software development best … Read more
