In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize spending based on threat-informed... Read more »
Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When... Read more »
Advanced Data Protection (ADP) secures iCloud data with end-to-end encryption. This ensures that no one, not even Apple, can access the encrypted data, which remains secure even in the... Read more »
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been... Read more »
Google’s agreement to buy cloud security startup Wiz will face antitrust scrutiny amid Alphabet’s ongoing legal battles. Read more »
Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are... Read more »
Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to analyze source code... Read more »
CyCognito announced new capabilities designed to improve both security operations automation and risk visibility. These new features speed security operations by making assets easier to identify and attribute to... Read more »
Whistic announced the next generation of its Assessment Copilot, a third-party risk management (TPRM) solution that integrates AI into the vendor assessment process for a fully automated workflow. With... Read more »
