11 matches found
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from a flaw in the design of the email sending API, which could lead to an attacker sending unsolicited emails to anyone on behalf of the...
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...
What is DevSecOps and Why is it Essential for Secure Software Delivery?
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle either right before or after a service is deployed, the ensuing process of compiling and fixing vulnerabilities creates massive...
Cybercrime (and Security) Predictions for 2023
Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and...
Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they...
No Damsels in Distress: How Media and Entertainment Companies Can Secure Data and Content
Streaming is king in the media and entertainment industry. According to the Motion Picture Association’s Theatrical and Home Entertainment Market Environment Report, the global number of streaming subscribers grew to 1.3 billion in 2021. Consumer demand for immediate digital delivery is...
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shado...
Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13
At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed and from a smaller share, opportunistic public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks...
The New Frontier of Enterprise Risk: Nth Parties
By Ran Nahmias, Co-Founder and CBO, Cyberpion The concept of risk in enterprise IT is constantly evolving. And considering recent findings, it’s clear that there’s a risk frontier that’s been underestimated – Nth party risk. Traditional enterprise risk management has focused on two domains:...
Rooster Teeth Attack Showcases New Magecart Approach
The online store for the Rooster Teeth video-streaming service has been hit with a malicious web redirect attack by Magecart, which allowed the cybercriminals to harvest users’ payment-card details. The attack marks a slight departure from the group’s typical tactics. Rooster Teeth, which offers...
Save Time by Streamlining Vendor Risk Assessments in the Cloud
As your organization enthusiastically adopts cloud and mobile services from multiple new vendors, are your already-busy security and compliance teams scrambling to assess the risks of using these new providers’ products? Are you still using a manual process for conducting these vendor evaluations...