Search Results: Log4j

Should Log4Shell Still Keep CISOs Up at Night?

Invicti's Dan Murphy explains why CISOs shouldn't be worried about Log4Shell's impact, months after the Log4j threat.

June 7, 2022 Dan Murphy Leave a Comment

In December 2021, the Apache Software Foundation disclosed that the popular Log4j framework contained a critical vulnerability that allowed remote code execution (RCE).  It caused a security earthquake, keeping many CISOs up at night. The aftershocks are still felt. The vulnerability, known as Log4Shell, was extremely easy to exploit. Put simply, it allowed any malicious […]

K2 Cyber Security Wins Global InfoSec Award for “Hot Company in Application Vulnerability Detection” at RSA Conference 2022

June 7, 2022 TechDecisions Staff Leave a Comment

SAN JOSE, Calif.–(BUSINESS WIRE)–K2 Cyber Security, pioneer of the next generation in application security, today announced that the Company has been recognized by Cyber Defense Magazine as a “Hot Company in Application Vulnerability Detection.” The K2 Security Platform offers a breakthrough solution to improve application vulnerability detection and remediation during both pre-production testing and application […]

MITRE’s New “System of Trust” Protects Vulnerable Supply Chains

June 6, 2022 TechDecisions Staff Leave a Comment

SAN FRANCISCO–(BUSINESS WIRE)–Tomorrow at the RSA 2022 Conference, MITRE will unveil its new “System of Trust,” a framework to provide a comprehensive, community-driven, knowledge base of supply chain security risks and a customizable, security-risk assessment process for use by any organization within the supply chain ecosystem. For the first time, there’s a free and open […]

Static SBOMs vs Dynamic SBOMs

While more organizations recognize that they need an SBOM, dynamic SBOMS are far superior than static ones.

June 6, 2022 Liran Tancman Leave a Comment

Since the federal government mandate calling for the creation of a software bill of materials (SBOM) to avoid the next SolarWinds or Log4j exposures, software providers have been scrambling to figure out how to create SBOMs that are both effective and dynamic, given that software changes over time. Bills of material have long been standard […]

SimSpace Unveils Expanded Open Cyber Range Platform at RSA Conference

June 6, 2022 TechDecisions Staff Leave a Comment

Platform to Help Validate Cybersecurity Mesh Architecture with expanded environments for Cloud, Critical Infrastructure, and OT/IoT; Increased Coverage of Security Vendors; New Automated Attack Scenarios and Training Options SAN FRANCISCO–(BUSINESS WIRE)–SimSpace, the leading cybersecurity risk management platform company, today unveiled new updates to its award-winning cyber range to deliver the most comprehensive open platform for […]

How the IT Industry is Securing Open-Source Software

The IT industry and the U.S. government have outlined a 10-step plan to secure open-source software and the IT supply chain.

May 16, 2022 Zachary Comeau Leave a Comment

The IT industry and the U.S. government have outlined a 10-step plan to ensure the security of open-source software and the IT supply chain after a series of supply chain attacks and open-source software vulnerabilities were discovered in recent years. The plan is designed to secure the production of open-source software, improve vulnerability discovery and […]

12 Threat Detection Trends IT Pros Should Know

Red Canary's 2022 Threat Detection Report covers the most prominent trends of 2021, and shows major themes that may prelude 2022.

April 29, 2022 TD Staff Leave a Comment

Red Canary, the Denver-based managed detection and response (MDR) provider performed an analysis of emerging and significant trends that its cybersecurity team encountered over the past year. Its annual 2022 Threat Detection Report covers the most prominent trends of 2021 and shows major themes that may prelude into 2022. Last year,  ransomware groups (Sodinokibi/REvil, BlackMatter, […]

Fidelis Cybersecurity Active XDR Platform Expands to Open XDR

April 26, 2022 TechDecisions Staff Leave a Comment

Faster, Stronger Detection, Deception and Response Quickly Neutralizes Advanced Threats BETHESDA, Md.–(BUSINESS WIRE)–#Cybersecurity–Fidelis Cybersecurity, the industry innovator in Active eXtended Detection and Response (XDR) solutions trusted by Fortune 100 firms and government organizations worldwide, announced a more robust and open XDR platform with improvements to its leading Network Detection and Response (NDR) and Deception solutions. […]

DHS’ First Bug Bounty Program Nets 122 Vulnerabilities

Hack DHS, the Department of Homeland Security's first bug bounty program, uncovers 27 critical-rated vulnerabilities.

April 25, 2022 Zachary Comeau Leave a Comment

The U.S. Department of Homeland Security says its first bug bounty program, Hack DHS, has resulted in the disclosure of more than 120 vulnerabilities, and 27 of them were determined to be critical. The Department of Homeland Security (DHS) launched the agency’s first bug bounty program in December 2021 in an attempt to find and […]

Finite State Launches New Solution for Asset Owners, Illuminating Blindspots in the Connected Device Supply Chain

April 18, 2022 TechDecisions Staff Leave a Comment

Maintain continuous software supply chain transparency through automated, comprehensive risk assessments that give teams full-spectrum visibility into the security state of devices MIAMI–(BUSINESS WIRE)–Finite State, the product security leader for connected devices, is launching Finite State for Asset Owners at the S4x22 Conference. The purpose-built solution automates and solves the complex challenges asset owners face […]