April 13, 2023

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

April 11, 2023

Has public USB ‘juice jacking’ made it into the wild?

Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.

Read More about Has public USB ‘juice jacking’ made it into the wild?

Has public USB ‘juice jacking’ made it into the wild?

April 11, 2023

Why 'shift left' is now a dirty term in some security circles

Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.

Read More about Why 'shift left' is now a dirty term in some security circles

Why 'shift left' is now a dirty term in some security circles

April 10, 2023

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.

Read More about What went wrong with the 3CX software supply chain attack — and how it could have been prevented

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

April 6, 2023

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized.

Read More about The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions

CPGs are now better aligned with NIST's Cybersecurity Framework (CSF), and supply chain goals have been added. MFA guidance is also new.

Read More about CISA Cybersecurity Performance Goals update: Key changes and additions

CISA Cybersecurity Performance Goals update: Key changes and additions

April 5, 2023

With Twitter code in the wild, DevSecOps doubts surface

First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?

Read More about With Twitter code in the wild, DevSecOps doubts surface

With Twitter code in the wild, DevSecOps doubts surface

April 4, 2023

Docker's BuildKit adds attestation: How it works and key limitations

Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.

Read More about Docker's BuildKit adds attestation: How it works and key limitations

Docker's BuildKit adds attestation: How it works and key limitations

April 4, 2023

The 3CX breach was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

Read More about The 3CX breach was targeted — but the plan was broader

The 3CX breach was targeted — but the plan was broader

April 3, 2023

Integrate threat hunting into SOC triage to mitigate software supply chain risk

Here's how robust threat hunting and malware analysis can enhance your triage process — and help you get a handle on software supply chain security.

Read More about Integrate threat hunting into SOC triage to mitigate software supply chain risk

Integrate threat hunting into SOC triage to mitigate software supply chain risk

March 30, 2023

Red flags flew over software supply chain-compromised 3CX update

The VOIP software company missed signs that its client had been tampered with before it pushed the update to customers.

Read More about Red flags flew over software supply chain-compromised 3CX update

Red flags flew over software supply chain-compromised 3CX update

March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

March 29, 2023

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

Read More about Do you trust AI to find app sec holes while you sleep?

Do you trust AI to find app sec holes while you sleep?

March 28, 2023

How bulk pull requests help scale open source bug fixes

Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.

Read More about How bulk pull requests help scale open source bug fixes

How bulk pull requests help scale open source bug fixes

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.

Read More about VS Code hack shows how supply chain attacks can extend to other software development tools

VS Code hack shows how supply chain attacks can extend to other software development tools