Are We Doomed? Not If We Focus on Cyber Resilience
Here’s how to doom a cybersecurity program: Think of cybersecurity as a war against an attacker that must be fought to the finish, invest in threat tracking technology for threats your organization has no capabilities to defend against, and let the sunk cost effect determine how you spend your security budget. In reality, cybersecurity is…
API management (APIM): What It Is and Where It’s Going
So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies, including API management (APIM). In this article, we’re taking a…
CISA to Open Supply Chain Risk Management Office
The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit…
Snyk CEO Peter McKay on Making Defense Easier for Developers
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and acquisitions, says CEO Peter McKay. Snyk has focused on giving clients a 360-degree view of applications by integrating open-source security, container security, infrastructure-as-code security and cloud security together, he says. The company’s buy of…
Poser Hackers Impersonate LockBit in SMB Cyberattacks
A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own. According reports from Belgium’s Computerland publication, the “wannabes,” while not as…
Will Cybersecurity Remain Recession-Proof in 2023?
We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…
Nvidia targets insider attacks with digital fingerprinting technology
Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and…
Norton LifeLock Warns on Password Manager Account Compromises
Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning. Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on…
What Are Some Ways to Make APIs More Secure?
Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…
C2A Security To Showcase Automotive Cybersecurity DevOps Platform at CES In Las Vegas, January 5-8
C2A Security, a leading provider of automated cybersecurity solutions for connected, autonomous, and electric vehicles will showcase its flagship product, EVSec, during the Consumer Electronics Show (CES 2023) taking place in Las Vegas, January 5-8, 2023. EVSec’s innovative automated cybersecurity DevOps platform helps C2A Security customers and partners including Thundersoft, NTT Data, Marelli, MIH, and…
