Security News

In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. We hope to find the 'golden' indicator for which risk will eventually lead to a breach, but until that day, security teams need to holistically incorporate several layers of risk factors to determine business risk and drive justifiable communications.

Big incidents will be BIG. High-visibility attacks will continue to be rare, but when they occur, they will be major news, with massive implications for customers and even wider society, depending on the organization affected. Unlike the indiscriminate "Spray-and-pray" attacks we used to be so afraid of, bad actors will shift their attention to building sophisticated campaigns to take down high-value targets that are more financially rewarding for them.

Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams.

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management...

There has been a significant decrease in vulnerabilities found in target applications - from 97% in 2020 to 83% in 2022 - an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors, according to Synopsys. The report details three years of data derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems and source code.

Research points to generative AI as a means to resolve the incident management paradox with 84.5% who either believe AI can significantly streamline their incident management processes and improve overall efficiency or are excited about the opportunities AI presents for automating certain aspects of incident management. "Traditional, rule-based automation tools are no longer sufficient for the demands of modern operations teams. Despite robust incident management processes within numerous organizations, the relentless surge in service incidents - with its consequential impact on customers and financial ramifications - mandates a transformative approach. The path forward lies in harnessing innovative solutions like generative AI, augmented by automation and guided by human judgment, to not only expedite incident resolution but also proactively detect and preempt potential issues before they escalate."

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. The k0smotron operator is deployed onto an existing Kubernetes cluster, designated as the management cluster similar to a "Mothership," that orchestrates and provides control plane services on demand.

Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that has redefined the way modern applications are developed, deployed, and managed. Born out of Google's internal container orchestration system, Kubernetes has become the de facto standard for containerized application management, offering a powerful and flexible platform for automating containerized applications' deployment, scaling, and management.

Without the right metrics, vulnerability management is pretty pointless. Intruder makes vulnerability management easy by explaining the risks and providing actionable remediation advice.

CISA launched a new version of Logging Made Easy, a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA's version reimagines technology developed by the United Kingdom's National Cyber Security Centre, making it available to a broader audience on GitHub.