The latest security technology and best practices to secure software applications, vulnerabilities and code.

  • Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

    In the ever-evolving fight against data loss, data breaches, and data theft in the 21st century, organizations worldwide have turned to a number of cybersecurity solutions, services, and software in an attempt to keep their data safe and secure from threats. One such solution is behavioral analytics, more specifically User and Entity Behavior Analytics (UEBA).… Read more

  • Okta ‘Breaches’ Weren’t Really Breaches

    With two high-profile breaches this year, Okta, a leader in identity and access management (IAM), made the kind of headlines that security vendors would rather avoid. After seeing headlines like these, some executives and customers lose faith that multifactor authentication (MFA) technology, particularly Okta’s, will protect their organizations, but should they? The tech world defines… Read more

  • The Challenges Facing the Passwordless Future

    For years the tech industry has promised a shift toward a passwordless future. In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Google, Paypal, and Lenovo were among the original FIDO founding members. By 2015, Microsoft joined, and in 2020, Apple followed. The road to… Read more

  • Software Supply Chain Security Guidance for Developers

    Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data. It’s often more efficient to attack a weak link in the… Read more

  • CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

    Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC… Read more

  • Security Considerations for Data Lakes

    Many of the basic principles for securing a data lake will be familiar to anyone who has secured a cloud security storage container. Of course, since most commercial data lakes build off of existing cloud infrastructure, this should be the case. However, data lakes add additional elements such as data feeds, data analysis (data lake… Read more

  • Exfiltration Can Be Stopped With Data-in-Use Encryption, Company Says

    Even the most advanced and sophisticated security tools are failing to protect against ransomware and data exfiltration, according to a new report from data encryption vendor Titaniam. The State of Data Exfiltration and Extortion report says that despite heavy investments, more than half of organizations that experienced ransomware attacks ended up paying the ransom. The… Read more

  • Best Zero Trust Security Solutions

    A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology and prompted many non-government IT security managers to consider how they might adopt the three zero trust principles: “All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.”… Read more

  • 25 Most Dangerous Software Vulnerabilities & Flaws Identified by MITRE

    MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software. The MITRE CWE list is different from the product-specific CVE lists from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies and instead focuses on more generic software development weaknesses, similar to the OWASP list… Read more

  • CISA Urges Exchange Online Authentication Update

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft’s Exchange cloud email platform migrate users and applications to Modern Auth before Basic Auth is deprecated in October. CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. It’s relatively easy for… Read more

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis