Collaborate Disseminate
Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
read more
Continue reading GitHub Confirms Another Major NPM Security Defect
When FireEye (now Mandiant) disclosed the SolarWinds breach in December 2020, the security world was forced to accept the reality that given the motivation, time and resources, an advanced attacker can breach any organization. And if the breached organ… Continue reading SolarWinds Outlines ‘Triple Build’ Software Development Model to Secure Supply Chain
The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.
The API allows add-ons to control the manner in which the browser connects to the Internet, a… Continue reading Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API
Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.
read more
Continue reading Endpoint Security Platform Kolide Banks $17 Million Investment
The cybercrime underground’s adoption of Cobalt Strike correlates with the rise in ransomware activity over the past few years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, many open source reports show the suite … Continue reading Whitepaper: Cobalt Strike – a toolkit for pentesters
Studying for the CCSP exam? The CCSP practice quiz is a great (FREE) study tool that allows you to quickly identify any knowledge gaps you might have in each domain. Your quiz results will allow you to refine your study strategy, so you can show up on … Continue reading CCSP practice quiz: It’s time to test your knowledge
A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication met… Continue reading Report: The State of Password Security in the Enterprise
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends.
read more
Continue reading CISA, FBI Warn of Increase in Ransomware Attacks on Holidays
MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Today its application in identifying the effectiveness of security technologies and processes is widespread, but there are also huge potential adv… Continue reading eBook: Aligning cyber skills to the MITRE ATT&CK framework
Your executives don’t care about security – they care about risk! Join to hear the latest research from a guest speaker, Sandy Carielli, Principal Forrester Analyst, on the role of the security team in building secure products. This will be… Continue reading Webinar: Practical steps to build a risk-based application security program