Linux Security Study Reveals When, How You Patch Matters
Computer security only happens when software is kept up to date. That should be a basic tenet for business users and IT departments. Apparently, it isn’t. At least for some Linux users who ignore installing patches, critical or otherwise.
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
Amazon Web Services (AWS) Lambda, serverless computing's poster child, is over seven years old and only now has experienced the first malware specifically targeting Lambda, Denonia
When few developers see security it as their responsibility, how do you build a culture to support a zero trust strategy in your organization? #security #DevSecOps #zerotrust
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
Provisional authenticity and confidentiality can help us manage the trade offs between privacy and authenticity to support online accountability along with functional privacy.
Software Supply Chain Security: Tearing Down the Silos
Both application and infrastructure security are required to keep a cloud native system safe. A single solution can integrate both to foil hackers. #DevSecOps #security
The 3 S’s of Software Supply Chain Security: SBOMs, Signing, Slimming - The New Stack
At Slim.AI, the cloud-native startup I founded with my longtime colleague and creator of the DockerSlim open-source project Kyle Quest, we believe we must address the problem of WHAT gets shipped to production, not just how fast or how frequently teams can deploy.
Report: Recent 10x Increase in Cyberattacks on Ukraine
As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks…
Conti Ransomware Group Diaries, Part IV: Cryptocrime
Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies,…
Conti Ransomware Group Diaries, Part III: Weaponry
Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it's like to be an employee of Conti's sprawling organization. Today's…
Conti Ransomware Group Diaries, Part II: The Office
Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal…