cybersecurity

The NIST cybersecurity framework has been a go-to resource for defining cybersecurity strategies, policies, and activities ever since version 1.0 was published back in 2014. Originally intended specifically for US companies operating critical infrastructure, it soon gained popularity across all industries and is used by CISOs worldwide. February 2024 saw the launch of version 2.0 […]

Important Information   The xz-utils package in versions 5.6.0 and 5.6.1 contains a malicious backdoor that could potentially allow remote access to SSH sessions for remote code execution (RCE) on certain Linux systems under specific circumstances and configurations. It is recommended that all Linux users verify their xz-utils version is earlier than 5.6.0 and downgrade

Focused on detection and response, security leaders might not think of DAST tools as an essential component of their AppSec toolbox. All too often, external vulnerability scanning is only performed during periodic third-party tests, giving you snapshots of your security posture that can be months out of date. What if you could run your own

Some days, it feels like every application and system out there is getting new functionality based on large language models (LLMs). As chatbots and other AI assistants get more and more access to data and software, it’s vital to understand the security risks involved—and prompt injections are considered the number one LLM threat. In his

As the saying goes, it’s tough to make predictions, especially about the future. And yet everyone tries—whether for planning or in the naive hope of not getting caught off-guard this time. While we do have our own modest tradition of end-of-year prediction posts on this blog, we look to the experts to help us make

In early December 2023, the U.S. Department of Health and Human Services published a concept paper outlining imperative new guidelines for healthcare organizations tackling cybersecurity. The publication comes on the tailwind of the Biden-Harris administration’s National Cybersecurity Strategy, building off of that momentum with a renewed focus on one of the nation’s most high-risk sectors.

It’s tempting to speak about security in binary terms: fixed or not fixed, patched or unpatched, secure or insecure. Reality, though, is more about shades of gray and probabilities than absolutes. It’s also about limited resources and endless prioritization—always with the awareness that the stakes are high and any security gaps you fail to address

Tool sprawl is a problem in all walks of the technology industry but can hit especially hard in cybersecurity. Losing track of the security toolset in your organization introduces inefficiencies that can hurt not only your security operations and incident response but also your application development and overall company performance. There are many examples of

Creating industry-leading products in application security goes beyond developing a powerful platform that delivers results without any noise—it also involves focusing on customer experiences that help build lasting relationships and add more value to our tools. Research from Salesforce proves the importance of customer experience: 73% of consumers expect vendors to understand their unique needs

In the military world, asymmetric warfare is where a large military force has to deal with far smaller and irregular opposition, like guerillas or other insurgents. So instead of facing off against a clearly visible enemy military unit, you could be surrounded by any number of smaller threats that remain hidden until an unexpected and