Newly developed cybersecurity guidelines from the U.S. Department of Treasury, Cybersecurity and Infrastructure Security Agency, National Security Agency, and the FBI on open source software usage in industrial control systems and operational technology environments recommend not only up-to-date patches and security updates for all OT and IT systems but also the application of "secure-by-design" and "secure-by-default" philosophies in software development, reports SecurityWeek.
What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within a specific number of days. Successful DevSecOps approaches can be so much more than just vulns and so much more than just tool...
Anticipating Curl's upcoming patch for a high severity flaw, the Looney Tunables flaw in Glibc, ShellTorch flaw hits PyTorch and lots of AI, lessons from some X.Org security patches, eBPF security, and more!
On this week's news segment, we go down a bit of a rabbit hole on data lakes and have a GREAT conversation about where security data wrangling might or might not go in the future. We also discuss Nord Security's funding and $3B valuation, try to figure out what Synqly is doing, and discuss IronNet's demise.
We also find out which email solution is...
Microsoft's Teams, Edge, and Skype have been given emergency updates to address zero-day vulnerabilities impacting the WebP code library, or libwebp, tracked as CVE-2023-4863, and the libvpx video codec library, tracked as CVE-2023-5217, both of which could be exploited to achieve arbitrary code execution, reports BleepingComputer.
Communication is a skill that doesn't appear on top 10 lists, rarely appears as a conference topic, and doesn't appear enough on job requirements. Yet communication is one of the critical ways that security teams influence developers, convey risk, and share knowledge with others. Even our own Security Weekly site falls a little short with only a po...