Security News

Securing software repositories leads to better OSS security
2024-03-04 11:53

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. The security capabilities of public software package repositories play a crucial role in securing the open-source software supply chain.

Integrating software supply chain security in DevSecOps CI/CD pipelines
2024-03-04 05:00

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines. In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.

Enhancing security through proactive patch management
2024-03-04 04:00

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective patch management, organizations should establish clear policies and procedures for patching, automate patch deployment where possible, regularly scan for vulnerabilities, prioritize patches based on risk, and conduct thorough testing before deployment.

Keeping one step ahead of cyber security threats
2024-03-01 09:05

Webinar: Dealing with cyber security incidents is an expensive business. Each data breach costs an estimated $4.35 million on average and it's not as if the volume of cyber attacks is falling - last year, they rose by 38 percent according to Google Cloud.

Chinese 'connected' cars are a national security threat, says Biden
2024-02-29 19:01

Concerned over the chance that Chinese-made cars could pose a future threat to national security, Biden's administration is proposing plans to probe potential threats posed by "connected" vehicles made in the Middle Kingdom. The US president said he's putting the onus for sussing out the reality of the threat posed by Chinese automobiles on the Department of Commerce, which today said it issued an advanced notice of proposed rulemaking seeking public comment on the matter.

How organizations can navigate identity security risks in 2024
2024-02-29 05:30

What are the most pressing identity security risks and threats for organizations in 2024? To address these complexities, organizations need business users and security teams to collaborate on an identity management and governance framework and overarching processes for policy-based authentication, SSO, lifecycle management, security and compliance.

Anycubic 3D printers hacked worldwide to expose security flaw
2024-02-28 23:06

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. The vulnerability allegedly enables potential attackers to control any affected Anycubic 3D printer using the company's MQTT service API. The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "is lacking."

It’s time for security operations to ditch Excel
2024-02-26 05:30

Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. Using these spreadsheets requires security operations to chase down every team in their organization for input on everything from the mapping of exceptions and end-of-life of machines to tracking hardware and operating systems.

Security is hard because it has to be right all the time? Yeah, like everything else
2024-02-25 16:09

Systems Approach: One refrain you often hear is that security must be built in from the ground floor; that retrofitting security to an existing system is the source of design complications, or worse, outright flawed designs. Is there something about security that explains our challenges? Or, to put it another way, is there anything about security that makes it fundamentally different from scalability, availability, or any other design requirement when we talk about large systems such as the Internet?