Security Boulevard

It may feel like beating a dead horse to say it, but the threat of software supply chain attacks is increasing at an alarming rate. And, in fact, it can’t be said too often.

Two recent reports illustrate this point: The "2024 Verizon Data Breach Investigation Report" (DBIR) found that breaches stemming from third-party software development skyrocketed by 68% from what was reported in Verizon’s 2023 report. And ReversingLabs’ "State of Software Supply Chain Security 2024" report chronicled the dramatic rise in threats from open-source repositories (1300%), as well as a string of high-profile attacks on commercial software — from SolarWinds' Orion update that was released to thousands of firms and federal agencies in 2020 to the exposure of CircleCI users’ software secrets and the hack of VoIP vendor 3CX in 2023. 

As software producers, enterprise buyers, and other key stakeholders prepare their cybersecurity and risk management efforts for 2025, they should be looking for ways to prevent and quickly mitigate any and all software supply chain attacks. But modern enterprise security programs suffer from a sprawl of uncoordinated tools and continually fail at achieving software supply chain security (SSCS). This calls for a new era of SSCS management, one in which universal controls can prioritize the mitigation of these threats.

ReversingLabs is now introducing the Software Assurance Foundational Evaluation (SAFE) report as a part of RL Spectra Assure. This report is much more than the simple list of components that a software bill of materials (SBOM) provides, offering much-needed visibility into the risks and threats in the entire application or software binary, in context.

Here’s how Spectra Assure’s new SAFE Report works — and why the time for SAFE is now.

The post Why SAFE. Why Now. appeared first on Security Boulevard.

Authors/Presenters:Yiming Zhang, Yuxin Hu, Zhenyu Ning, Fengwei Zhang, Xiapu Luo, Haoyang Huang, Shoumeng Yan, Zhengyu He

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – SHELTER: Extending Arm CCA with Isolation in User Space appeared first on Security Boulevard.

2 min read Journey with us through the identity cosmos, where understanding and safeguarding both humans and non-humans is mission-critical.

The post The Enterprise Identity Universe: Users, Non-Humans, and Consumers [Infographic] appeared first on Aembit.

The post The Enterprise Identity Universe: Users, Non-Humans, and Consumers [Infographic] appeared first on Security Boulevard.

A primer on how to best prepare for the migration to PQC The United Nations has proclaimed 2025 the International Year of Quantum Science and Technology—and for good reason. Across the globe, the quantum community is making monumental strides toward building stable, commercially viable quantum computers. As the vision of quantum technology entering mainstream applications […]

The post 8 Essential Considerations for Post-Quantum Cryptography Migration appeared first on Security Boulevard.

MEDIA ADVISORY Presenters at Microsoft Booth 1240 will also show how Strata’s Maverics  “Disconnected Mode” enables identity continuity and maintains uninterrupted access to apps when internet connectivity is unavailable BOULDER, Colo., Aug. 1, 2024 — Strata Identity, the Identity Orchestration company, today announced that as a member of the Microsoft Intelligent Security Association (MISA) it...

The post Strata Identity to Demonstrate How to Modernize Legacy Identity Systems to Microsoft Entra ID at Black Hat 2024 appeared first on Strata.io.

The post Strata Identity to Demonstrate How to Modernize Legacy Identity Systems to Microsoft Entra ID at Black Hat 2024 appeared first on Security Boulevard.

This article is the fifth in a series of five covering key API security topics and provides some answers to common questions we often get when talking to potential customers. The series will cover the following topics: API Discovery API Posture Management Attack Protection API Security Testing Attack Detection and Threat Hunting (this article) API […]

The post Attack Detection and Threat Hunting – Common Topics We’re Asked About appeared first on Cequence Security.

The post Attack Detection and Threat Hunting – Common Topics We’re Asked About appeared first on Security Boulevard.

The post The Cyber Fallout: Navigating the Aftermath of a Credit Union Breach appeared first on Votiro.

The post The Cyber Fallout: Navigating the Aftermath of a Credit Union Breach appeared first on Security Boulevard.

Where to Begin With thousands of unfilled positions reported year over year, why is it so hard to get a […]

The post One Does Not Simply … Get a Cybersecurity Job appeared first on Security Boulevard.

Nisos
Building Trustworthy AI: Contending with Data Poisoning

As Artificial Intelligence (AI) and Machine Learning (ML) systems are adopted and integrated globally, the threat of data poisoning attacks remains...

The post Building Trustworthy AI: Contending with Data Poisoning appeared first on Nisos by Nisos

The post Building Trustworthy AI: Contending with Data Poisoning appeared first on Security Boulevard.

Revolutionizing security testing with continuous security validation.

The post Democratizing Defense: AttackIQ Flex 2.0 Empowers Every Organization appeared first on AttackIQ.

The post Democratizing Defense: AttackIQ Flex 2.0 Empowers Every Organization appeared first on Security Boulevard.

In the ultramodern, mercurial sphere of cybersecurity, somehow a 1700-year-old quote from Helena of Constantinople still deeply resonates. Even with seemingly robust defenses, the smallest vulnerability can be an open invitation for threats like AsyncRAT to infiltrate your system, underscoring the importance of continuous testing to ensure that your existing controls - your rat traps - are functioning effectively.

The post Rat Traps: Emulating AsyncRAT with AttackIQ Flex appeared first on AttackIQ.

The post Rat Traps: Emulating AsyncRAT with AttackIQ Flex appeared first on Security Boulevard.

One of the critical challenges that leading fintech companies like PayPal, Square, Google and many others face in this digital age is fraud. Traditionally, fraud detection relies on each company analyzing its own user data in a centralized manner. These systems often lack visibility into fraud attacks occurring on other platforms, resulting in reactive rather..

The post Join the Fight: Calling Fintech Leaders to Unite With Federated Learning for Superior Fraud Detection appeared first on Security Boulevard.

Season 3, Episode 11: Vulnerability management is critical to any Zero Trust strategy, but you probably already know that. Fortra’s Tyler Reguly breaks down severity vs. risk.

The post Applying Vulnerability Management to Zero Trust: Insights from Fortra’s Tyler Reguly appeared first on Security Boulevard.

Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, ... Read more

The post Securing Artifacts: Keyless Signing with Sigstore and CI/MON appeared first on Cycode.

The post Securing Artifacts: Keyless Signing with Sigstore and CI/MON appeared first on Security Boulevard.

In October 2023, Google announced the launch of kvmCTF, a new vulnerability reward program (VRP) designed to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor. This innovative program comes with bounties of up to $250,000 for full VM escape exploits, marking a significant step in fortifying virtual machine (VM) environments against zero-day vulnerabilities. […]

The post kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities appeared first on TuxCare.

The post kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities appeared first on Security Boulevard.

This Article Insider Risk Digest: July was first published on Signpost Six. | https://www.signpostsix.com/

Welcome to this month’s Insider Risk Digest. This month, we explore a range of insider threats affecting sectors from government to entertainment and pharmaceuticals. Highlights include potential espionage in critical infrastructure projects, a former CIA analyst’s espionage charges, and significant corporate breaches at Disney and Roche. We also examine ethical controversies at OpenAI and organized […]

This Article Insider Risk Digest: July was first published on Signpost Six. | https://www.signpostsix.com/

The post Insider Risk Digest: July appeared first on Security Boulevard.

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users.

Now comes a global survey from Appdome and OWASP that reveals the vast majority of consumers are fed up.

I … (more…)

The post Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver first appeared on The Last Watchdog.

The post Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver appeared first on Security Boulevard.

If you’ve landed here, chances are you know just how challenging getting SOC 2 certification can be. Dealing with manual processes, spreadsheets, and endless piles of documentation can feel like a never-ending battle.  I get it—it’s overwhelming and inefficient. In your search for a more streamlined approach, you’re likely looking for a solution beyond SOC […]

The post Best 5 SOC 2 Compliance Software in 2024 appeared first on Centraleyes.

The post Best 5 SOC 2 Compliance Software in 2024 appeared first on Security Boulevard.

As per recent media reports, two Russian nationals have pleaded guilty in a United States (US) court for affiliate participation in the LockBit ransomware attacks. The two individuals part of the LockBit ransomware scheme have been identified as Ruslan Magomedovich Astamirov and Mikhail Vasiliev. In this article, we’ll dive into the details of the plea […]

The post LockBit Ransomware: Two Russians Plead Guilty For Attacks appeared first on TuxCare.

The post LockBit Ransomware: Two Russians Plead Guilty For Attacks appeared first on Security Boulevard.

Stay Safe Online: 5 Essential Tips for World Wide Web Day
josh.pearson@t…
Thu, 08/01/2024 - 07:00

World Wide Web Day is celebrated each year on the first of August, marking the day the Internet was first made available to the public in 1991. The day provides an opportunity to reflect on the web's impact on our lives and to celebrate the creativity and genius of Sir Tim Berners-Lee and the many others who have contributed to its development.

However, it's also a crucial reminder to ensure our online safety. As our digital lives increasingly intertwine with our real-world identities, we leave a trail of personal information on the internet. Cyber threats such as phishing, identity theft, and malware attacks are ever-present dangers that can compromise our privacy and security.

Data Security Identity & Access Management Compliance Insider Threat Andrew Gertz | Senior Manager, Web and Digital Marketing, Thales
More About This Author >

World Wide Web Day is celebrated each year on the first of August, marking the day the Internet was first made available to the public in 1991. The day provides an opportunity to reflect on the web's impact on our lives and to celebrate the creativity and genius of Sir Tim Berners-Lee and the many others who have contributed to its development.

However, it's also a crucial reminder to ensure our online safety. As our digital lives increasingly intertwine with our real-world identities, we leave a trail of personal information on the internet. Cyber threats such as phishing, identity theft, and malware attacks are ever-present dangers that can compromise our privacy and security.

So, as we celebrate World Wide Web Day, let's reflect on the importance of protecting ourselves in the digital landscape and explore five essential tips to secure our personal information.

Weaving a Cyber Safety Net

Having a robust anti-malware solution is vital. As we celebrate the power of the internet to connect people and share information, we must also acknowledge the vulnerabilities that come with this connectivity. Cyber threats like viruses, spyware, and ransomware constantly evolve, posing significant risks to personal data, privacy, and device functionality.

An effective anti-malware solution is a critical defense, safeguarding our digital environments from malicious attacks. By ensuring robust protection against malware, we can enjoy the benefits of the web while maintaining the security and integrity of our online presence.

Two is Better Than One

Two-factor authentication (2FA) is one of the most effective ways to enhance online security. It adds an extra layer of protection to your accounts by requiring two forms of verification before granting access.

Typically, this involves using two of the three common authentication mechanisms: something you know (like a password), something you have (like a smartphone), and something you are (like a fingerprint).

By enabling 2FA, even if a bad actor manages to obtain your password, they will still need the second factor to access your account. Many online services, including email providers, social media platforms, and financial institutions, offer 2FA options. Activating this feature dramatically cuts the risk of unauthorized access and helps safeguard your personal information.

Safeguard Your Digital Self

Your digital identity is a combination of personal information, such as your name, address, birth date, and social security (or another form of government ID) number, used to identify you online. Protecting this information is key to preventing identity theft and fraud.

To protect your digital identity, avoid sharing sensitive information on public forums or social media platforms. Be cautious of unsolicited requests for personal details and verify the source's legitimacy before providing any information.

Remember that attackers are cunning and use clever social engineering techniques to exploit human psychology and manipulate us into giving out confidential information. This trick can often be recognized by unsolicited requests for sensitive data, an urgent tone, or an offer that seems too good to pass up. Follow the rule of thumb that if something looks too good to be true, it is.

Click with Caution

Cybercriminals have many weapons in their arsenal. They use phishing tactics to trick people into clicking on malicious links or opening malware-ridden attachments. Learning to recognize suspicious activity is crucial for protecting yourself online.

Be wary of unexpected emails, messages, or phone calls requesting personal information or urging you to click on a link. Look for red flags such as poor grammar, generic greetings, and unfamiliar sender addresses. If something seems off, verify the authenticity of the communication by contacting the organization directly through official channels.

Understanding common cyber threats can help you identify and avoid scams. Trust your instincts and always err on the side of caution when dealing with unsolicited communications.

Scrub the Cyber Grime

Good cyber hygiene is key. It involves adopting regular practices and habits to maintain the security and health of your online environment. These practices can significantly reduce your vulnerability to cyber threats.

Start by using strong, unique passwords for each of your accounts. Avoid using easily guessable information, such as birthdays or common words, and consider using a mix of letters, numbers, and symbols.

Regularly change your passwords and avoid reusing old ones. Consider using a password manager if you feel you will become overwhelmed with a large number of complex passwords that need to be securely stored and easily accessible. Additionally, it's wise to gradually transition to using passkeys, as more and more service providers support this authentication method.

Keeping your software up to date is vital for maintaining online security. Software updates often include patches for security vulnerabilities that malefactors can exploit. Whether it's your operating system, web browser, or any other application, staying updated ensures you have the latest protections against cyber threats. Enable automatic updates whenever possible to ensure you don't miss critical patches.

Enjoying the Digital World

As we celebrate World Wide Web Day, we must remember the importance of online safety. The internet offers immense benefits, but it also presents significant risks. You can enjoy the digital world by implementing robust solutions, enabling 2FA, protecting your digital identity, updating software regularly, recognizing suspicious activity, and practicing good cyber hygiene while keeping your personal information secure.

Thales offers an extensive portfolio of solutions designed to help you safeguard your digital lives. Its advanced encryption technologies, secure authentication methods, and data protection services ensure that sensitive information remains safe from unauthorized access. Thales' solutions are trusted by businesses worldwide to secure everything from financial transactions to personal communications.

Additionally, Thales integrates Imperva’s robust anti-malware protections, providing an extra layer of security against malicious attacks. Together, these comprehensive security measures empower individuals and companies to protect their digital identities and assets with confidence.

Stay safe, stay informed, and take proactive steps to protect yourself online. Happy World Wide Web Day!

Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "Stay Safe Online: 5 Essential Tips for World Wide Web Day",
"description": "In celebration of World Wide Web Day, Thales shares five essential tips to ensure online safety, covering topics from anti-malware solutions to two-factor authentication and good cyber hygiene.",
"datePublished": "2024-08-01",
"author": {
"@type": "Person",
"name": "Andrew Gertz",
"url": "https://cpl.thalesgroup.com/blog/author/agertz",
"sameAs": "https://www.linkedin.com/in/andrewgertz/"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/data-security/stay-safe-online-5-essential-tips"
}
} studio THALES BLOG Stay Safe Online: 5 Essential Tips for World Wide Web Day

August 1, 2024

The post Stay Safe Online: 5 Essential Tips for World Wide Web Day appeared first on Security Boulevard.