News July 19, 2023

The MOVEit breach impact and fallout: How can you respond?

4 min read - The MOVEit breach could be the most devastating exploitation of a zero-day vulnerability ever, and the effects continue to ripple across the globe. The widely used file-transfer program’s vulnerability has led to new victims coming forward weekly. Recently, the New…

Application Security July 17, 2023

The top 10 API security risks OWASP list for 2023

5 min read - As more organizations rely on the automation and scale that web applications and connected services provide, application programming interface (API) security has become imperative. In just the last year alone, unique attackers targeting customer APIs grew by 400%, proving that…

Risk Management June 28, 2023

A software bill of materials helps secure your supply chain

6 min read - The software supply chain involves developing, maintaining and distributing software to end users. To enhance the functionality of the software being developed, developers frequently depend upon open-source components and libraries. These can be sourced from external vendors like Docker images…

Network June 23, 2023

Easy configuration fixes can protect your server from attack

4 min read - In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress…

Risk Management June 14, 2023

CISA’s known vulnerabilities impact 15M public services

4 min read - CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million…

News May 22, 2023

Google’s bug bounty hits $12 million: What about the risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7…

Risk Management May 18, 2023

Is patching the holy grail of cybersecurity?

4 min read - A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching a…

Data Protection March 23, 2023

Cybersecurity 101: What is attack surface management?

3 min read - There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface…

Risk Management February 24, 2023

With 40% of Log4j downloads still vulnerable, security retrofitting needs to be a full-time job

4 min read - Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid response — by both security…

Risk Management January 23, 2023

Log4j forever changed what (some) cyber pros think about OSS

4 min read - In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…