Why supply chain risk management is a top priority

Thursday, June 30, 2022

If you’re selling to the federal government, you need to take a closer look at your supply chain risk management process. The software supply chain is, as most of us know by now, both a blessing and a curse. It’s an amazing, labyrinthine, complex (some would call it messy) network of components that, when it …

Tech tales: Achieving PCI compliance with application security testing

Thursday, June 16, 2022

In our new tech tales series, we discuss how Synopsys customers use our products and services to uncover security risks in their organization. Synopsys customers span every industry—from small to large enterprises across financial services, automotive, public sector, medical and healthcare, and much more. One thing they all have in common is building trust into their software. Synopsys offers integrated …

2022 OSSRA discovers 88% of organizations still behind in keeping open source updated

Thursday, May 05, 2022

Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2022 OSSRA report. It’s the time of the year when Spring is springing, and we release the annual Synopsys Open Source Security and Risk (OSSRA) report, with the 7th edition of OSSRA out this week. This year’s …

How Lattix handled the Log4j security vulnerability

Thursday, March 03, 2022

“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, US Cybersecurity and Infrastructure Security Agency Director.

Log4j is a Java-based logging utility that is part of the Apache Logging Services. This is a popular logging tool used in tens of thousands of software packages. Google estimates that 8% of Maven Central Repository was …

Cybersecurity Trends in Fintech

Thursday, March 04, 2021

The year 2020 will go down in history as being a year of uncomfortable changes. Just about everyone was forced to approach aspects of personal and professional life differently, from buying groceries to conducting business to maintaining safe interactions with others. Fortunately, existing technology and service offerings allowed us to make adjustments and work through …

A Timeline of the SolarWinds Hack: What We’ve Learned

Thursday, January 28, 2021

The SolarWinds hack was a major security breach that affected over 3,000 SolarWinds customers, including major corporations like Cisco, Intel, Cox Communications, and Belkin. Also impacted were multiple US states and government agencies including the US Department of State and the US Department of Homeland Security. The attack, dubbed SUNBURST, involved inserting malicious code into SolarWinds’s Orion Platform software. This …

What Makes Firmware Vulnerabilities So Deadly?

Tuesday, November 03, 2020

Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …

The Cyberthief’s New Best Friend: Web Apps

Thursday, September 03, 2020

Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …

Cybersecurity Predictions for 2020

Thursday, July 09, 2020

Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review those predictions to see how well we did, and make some new …

Cybersecurity: How Safe are Voice Assistants?

Thursday, June 04, 2020

This new age in Artificial Intelligence is fascinating, and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone most likely features a voice assistant. At best, Apple’s Siri, for instance, may seem like a “naïve” helper that can check weather …