Developers are spending significantly more time, and companies are spending 28K per developer each year on security-related tasks, such as manual application scan reviews, context switching, and secrets detection, among other things. This was revealed by JFrog, the Liquid Software company and developers of the JFrog Software Supply Chain Platform. The company released the results of an IDC survey called “The Hidden Cost of DevSecOps: A Developer’s Time Assessment,” sponsored by JFrog. It showed that 50% of senior developers, team leaders, product owners and development managers experienced a significant increase in the number of hours spent weekly on software security-related tasks, detracting from their ability to innovate, build,…
Author: ISB Staff Reporter
In the dynamic world of software development, security challenges are advancing at a rapid pace. Black Duck’s 2024 “Global State of DevSecOps” report examines the evolving trends and concerns in application security, drawing insights from a survey of over 1,000 professionals across diverse industries and countries. Key DevSecOps Security Priorities The report identifies three primary security priorities for organizations: A Heightened Focus on Sensitive Data Protection As security threats grow in complexity, protecting sensitive data remains a primary concern for entities handling critical information. The report highlights that 43% of applications in software development, 46% in finance, and 38% in…
VIPRE Security Group, a cybersecurity, privacy, and data protection company, has debuted a combined VIPRE Endpoint EDR+MDR package. This managed protection package provides organisations of all sizes with cost-effective, advanced, and around-the-clock endpoint security. For managed service providers (MSPs), this solution provides a genuine opportunity for portfolio expansion to offer Managed Detection & Response (MDR) services to customers. With this solution, entities receive top-tier Endpoint Detection & Response (EDR) capabilities such as threat detection, DNS protection, ransomware rollback, patch, and vulnerability management – alongside a fully managed threat incident response led by an experienced forensics team. This includes 24x7x365 coverage…
Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this type of attack, with around 34% of these, or roughly 58,000 devices, susceptible to DDoS abuse. Exploit Details and Impact The exploit,…
CloudSEK, a provider of AI-driven cybersecurity solutions, has debuted Deep Fake Detection Technology, which is now available for free. The company says this initiative is part of its commitment to providing society with resources to combat cybercrime. Advanced Deep Fake Detection Technology CloudSEK has developed an advanced DeepFake Detector designed to identify and mitigate the risks of deep fake content. The technology calculates an overall Fakeness Score by integrating several sophisticated analyzers: Promoting Cybersecurity Awareness By offering this technology for free, CloudSEK aims to enhance the cyber resilience of the digital world and help people and companies protect themselves against the growing…
Check Point Software, a cybersecurity solutions provider, has acquired Cyberint Technologies, a company specializing in external risk management solutions. This marks Check Point’s third startup acquisition within the past year. Through this acquisition, Check Point will enhance its Security Operations Center (SOC) capabilities and broaden its managed threat intelligence services, strengthening its ability to protect organizations from a broader range of threats. According to reports, the acquisition is valued at around $200 million in shares and cash. Cyberint employs over 170 people across Israel, the USA, and Asia, and once the deal is closed, which is expected to close by…
A staggering 80% of manufacturing companies have critical vulnerabilities, putting them at heightened risk of cyberattacks. This was one of the findings of Black Kite’s 2024 report, The Biggest Third-Party Risks in Manufacturing. Black Kite is a third-party cyber risk intelligence business. The findings stem from an analysis of nearly 5,000 companies across 10 manufacturing sub-industries, highlighting the extensive third-party risk landscape in the sector. As manufacturing rapidly adopts digital technologies, it has become a prime target for cyberattacks. Cybercriminals are exploiting the sector’s expanding digital footprint, with defense strategies often lagging behind the growing attack surface. Given the sector’s…
In a significant move against one of the world’s most notorious cybercrime groups, the UK has sanctioned 16 individuals linked to Evil Corp, a criminal organization with ties to the Russian state. Among those newly exposed is a key affiliate of the LockBit ransomware group. Australia and the United States have also imposed sanctions, with the US unsealing an indictment against a prominent member of the group. The UK’s National Crime Agency (NCA) played a pivotal role in uncovering Evil Corp’s extensive criminal network. Once a Moscow-based family financial crime group, Evil Corp expanded into cybercrime, reportedly extorting at least…
University Medical Center (UMC) is still grappling with the aftermath of a ransomware attack that occurred last Thursday. The attack caused a widespread IT outage and forced the diversion of emergency and non-emergency patients to nearby facilities. While some services have been restored, the full impact of the attack remains uncertain as the hospital works to recover. The ransomware attack, first detected on 26 September, has left UMC’s systems crippled, impacting critical operations, including the diversion of ambulances away from the hospital’s emergency room, despite the ER remaining open to the public. “Out of an abundance of caution, we are…
A recent investigation by Bitsight TRACE has uncovered several critical 0-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. These vulnerabilities are substantial real-world threats, with the potential for exploitation by malicious actors, leading to severe consequences such as physical damage, environmental harm, and financial losses. Even more alarming is that, despite repeated warnings, thousands of ATGs remain online and directly accessible via the internet, making them highly vulnerable to cyberattacks, particularly in sabotage or cyberwarfare contexts. Industrial Control Systems (ICS) form the backbone of modern critical infrastructure, with ATG systems playing a key role in…