Challenges development teams face when building applications with open source
Tidelift released a report providing critical insights into the state and practice of open source software supply chain management. This comprehensive study of nearly 700 …
Moving towards defense in depth under the gray skies of conflict
The war in Ukraine is in the second month of bloodshed and the broader impact of the conflict is being felt across the globe, as markets react to increased fuel prices and the …
The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
DaaS might be the future of work
The move to hybrid work is on. And to support and accelerate it, IT executives are counting on Desktop as a Service (DaaS). According to the results of a Pulse survey …
State of Pentesting 2022 report: Interactive event and open discussion
In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on …
4 steps for building an orchestrated authorization policy for zero trust
There is a great deal of emphasis placed on the zero-trust approach with respect to access. Looking beyond authentication (the act of verifying that someone is who they say …
The price of an accelerated digital transformation
F5 announced a report which shows the challenges organizations face as they transform IT infrastructures to deliver and secure digital services that have become inseparable …
Week in review: Attackers exploiting VMware RCE, Microsoft fixes actively exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles and interviews: Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521) On …
Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy …
New infosec products of the week: April 15, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Axis Security, BigID, Finite State, oak9, OwnBackup, Palo Alto Networks, and Spin …
Confessions of a CTO
Chief technology officers (CTOs) are typically juggling the joint responsibility of maintaining the organization’s overarching technology infrastructure and enabling business …