Security News

Vulnerability Scanning Frequency Best Practices
2021-12-06 04:22

So you've decided to set up a vulnerability scanning programme. Great. If you're not sure about that yet, check out this comprehensive vulnerability scanning guide.

Top 10 Cybersecurity Best Practices to Combat Ransomware
2021-11-12 20:24

If you're like most IT professionals, the threat of a ransomware attack might keep you up at night. Recent Veritas Technologies research suggests that the average organization has had 2.57 ransomware attacks that led to significant downtime in the past 12 months, with 10 percent experiencing downtime that impacted business more than five times.

Cybersecurity best practices lagging, despite people being aware of the risks
2021-10-07 04:30

The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviors ahead of Cybersecurity Awareness Month this month. "The cybersecurity threat landscape is as complex and diverse as it has ever been," said Lisa Plaggemier, Interim Executive Director, National Cybersecurity Alliance.

6 cybersecurity training best practices for SMBs
2021-09-03 22:51

Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Who better to give advice about how small- or medium-sized businesses should handle cybersecurity than an organization and expert with currency in helping SMBs survive? Anete Poriete, UX researcher at CyberSmart, in her Real Business article, The Best Practises for Cybersecurity Training in SMEs, said there's a common misconception that SMBs aren't aware of cybersecurity threats.

File upload security best practices rarely implemented to protect web applications
2021-08-30 04:30

Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.

New 'Allstar' App Enforces Security Best Practices for GitHub Projects
2021-08-12 15:16

The Open Source Security Foundation on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects. Allstar is a companion to Security Scorecards, an automated risk assessment tool for repositories and their dependencies that was also contributed by Google.

Allstar app helps enforce security best practices for GitHub projects
2021-08-11 12:10

Google and the Open Source Security Foundation have released Allstar, an app that allows organizations or owners of GitHub repositories to set up security policy expectations for GitHub projects and to make sure that these policies are adhered to. "Allstar works by continuously checking expected GitHub API states and repository file contents against defined security policies and applying enforcement actions when expected states do not match the policies," OpenSSF's John Mertic explained.

Scoping cloud environments: Tips and best practices
2021-08-09 02:30

The PCI Security Standards Council and the Cloud Security Alliance issued a joint bulletin to highlight the importance of properly scoping cloud environments. At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems.

SANS Institute chooses Pulumi Cloud Engineering Platform to adopt cloud engineering best practices
2021-08-04 22:45

Pulumi announced that SANS Institute is using the Pulumi Cloud Engineering Platform to streamline the delivery of applications and infrastructure, increasing the speed of delivery by 3X. Pulumi enabled SANS to adopt cloud engineering best practices so that it could reduce deployment times, simplify its cloud architectures and ultimately create a better experience for end customers. SANS now delivers cloud infrastructure using TypeScript and GitOps workflows, allowing it to use the power of modern languages and software engineering to deploy and configure infrastructure through a single platform.

Best Practices to Thwart Business Email Compromise (BEC) Attacks
2021-07-29 02:17

Business email compromise refers to all types of email attacks that do not have payloads. In a recent study, 71% of organizations acknowledged they had seen a business email compromise attack during the past year.