Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless code security coverage.

Given the prevalence of open source code in modern software — Oligo contends that it accounts for something like 80% or 90% — there is a need for software composition analysis solutions that can check code for potential vulnerabilities. The current generation of solutions, however, is “noisy,” according to Oligo. It tends to produce a lot of false positives, and doesn’t contextualize alerts within a given runtime. The latter tendency is unhelpful for setting remediation priorities.

To read this article in full, please click here

Read More

Persistent cybercrime and industry trends will likely continue to drive increases in prices for cyber insurance. Here’s what this means for you.

Read More

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.

The use of third-party services can also come with significant—often unforeseen—risks. Third parties can be a gateway for intrusions, harm a company’s reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself.

To read this article in full, please click here

Read More

Towards the end of last year, malicious hackers broke into the systems of Pepsi Bottling Ventures, the largest privately-owned bottler of Pepsi-Cola beverages in the USA, and installed malware.

For almost the month the malware secretly exfiltrated personally identifiable information (PII) from the company’s network.

Read more in my article on the Hot for Security blog.

Read More

Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.

The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:

Create authentication flows and user-facing screens using a visual workflow designer.
Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.
Validate, merge, and manage identities across the user journey.
Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.
Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.

Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs.

To read this article in full, please click here

Read More

Cameras are getting smaller and smaller, changing the scale and scope of surveillance.

Read More