Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2023

Cyber Insurance Companies Require Enhanced Security from Clients

The political and economic uncertainty throughout the world today is growing. The danger of malicious hacking is increasing as more and more parts of daily life simultaneously transition to the digital realm. An attack on another country or region by a state or an individual could have catastrophic results. Possible targets include utilities like power plants and communications networks.

CISO Interview Series: Brian Haugli

It’s a rare treat when you get the opportunity to speak with someone who has worked as an ethical hacker, has also worked in top secret military settings, and then transferred to the private sector, rising to the highest cybersecurity level in the corporate chain. We had the opportunity to speak with Brian Haugli, CEO of SideChannel. Brian is also the author of a book about the NIST Cybersecurity Framework.

ShinyHunters suspect extradited to United States from Morocco, could face 116 years in jail if convicted

A 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison. Sebastien Raoult, a French national, was arrested at Rabat international airport in Morocco on May 31 2022, while trying to take a flight to Brussels.

Financial Firms In The European Union Are Facing Strict Rules Around Cloud Based Services

In today's hyper-connected world, most of us now take care of our daily tasks with the help of digital tools, which includes online banking. Whether we're reviewing our account balances, transferring money, applying for payment cards, or simply paying our bills, banking has become more digital, and requires financial firms to adapt to this new world of transacting business. This adaptation has seen EU-based financial firms adopting and relying more heavily on cloud services.

Job scams: How they persuade and how to protect yourself

With so many companies currently reducing their workforce, jobs scams have become a serious and widespread problem for those who are looking for work. Stories from people who came across these scams on LinkedIn talk about scammers asking for their IDs, possibly to commit identity fraud or theft.

5 Long-term Benefits of Adopting Zero Trust Architecture

For the past several years we’ve all been sold the benefits of moving to Zero Trust, and it’s worked. We’re sold. But what now? At this point, companies have decided to embark on a long and committed journey – Zero Trust (ZT) isn’t built in a day. Keeping a clear eye on the finish line is necessary to maintain enthusiasm and buy-in as ZT architecture is put into place, divisions are shuffled around, and resources are fortified.

API Security Fundamentals: Everything You Need To Know

In the world of cybersecurity, the spotlight often shines on protecting applications, networks, and individual accounts. Application programming interfaces (APIs), on the other hand, present their own set of challenges to secure. APIs account for a significant portion of internet traffic and handle massive amounts of information from a wide variety of programs and applications; consequently, they make for an appealing target in the eyes of cybercriminals.

5 Reasons Why Your Business Needs Penetration Testing

Penetration testing is a vital part of cybersecurity strategy development, evaluating the strength of an organization’s infrastructure. To prevent attackers from exploiting security flaws in your software or networks, you want to discover them as soon as possible. Penetration testing is becoming increasingly common because it anticipates attacks instead of waiting for them to happen, allowing people to be more proactive in their security initiatives.

Cybersecurity Crisis Management and Business Continuity

The massive increase in cyberattacks and the rapid evolution of advanced criminal techniques requires every single business in any sector to take protective measures to strengthen its cyber perimeter and minimize risk. To deal with this peril, businesses must incorporate security measures and comply with security standards and regulations to improve their cybersecurity defenses for their assets, revenue, and reputation.

Data Classification: Your 5 Minute Guide

It’s old news, but data is – and will remain for the foreseeable future – king. It has to be dealt with and handled responsibly, assigned to the right boxes, and stored properly. Why? Because everyone wants it, and there are increased efforts to obtain it by ever-more sophisticated and subtle bad actors. You wouldn’t put a piece of junk mail in a high security vault. Nor would you trust a crown jewel to a locked desk drawer.

The prevalence of RCE exploits and what you should know about RCEs

Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat actor executes malicious commands on the target’s device.

Teaching an Old State Analyzer Some New Tricks

Tripwire’s Energy and NERC Compliance Working Group virtual event offered some enlightening information, not only from industry experts but also some candid thoughts from current Tripwire customers. Even the most cogent summary of the keynote, as well as two of the sessions, simply cannot do proper justice to the knowledge that was shared during the event.

6 Common Phishing Attacks and How to Protect Against Them

Going into 2023, phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The 2022 Verizon Data Breach Investigations Report states that 75% of last year’s social engineering attacks in North America involved phishing, over 33 million accounts were phished last year alone, and phishing accounted for 41% of social engineering compromise overall.

The Heightened Importance of Cybersecurity in Mobile App Development

Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that must be taken more seriously, as the very real threats to business proliferate.

AI-generated phishing attacks are becoming more convincing

It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed.

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are frequently impacting smaller companies. These numbers point to unusual trends occurring in the healthcare industry.

C-Suite Security: How IT Teams Improve Security Culture

Every person in an organisation has the potential to enhance security. Physical office barriers were removed during the pandemic, exposing companies to countless vulnerabilities as attack avenues have multiplied. However, this does not mean that all was lost. What it signals is the importance of promoting a culture of security across the entire corporate environment, no matter how broadly that environment lies.

Is a Shift Left Approach Hurting Software and Supply Chain Security?

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software development lifecycle.

How an Intrusion Detection System Can Save Your Business

The world of cybersecurity is extremely diligent. In a terrain that is ever-evolving, security experts need to combat a growing population of threat actors by deploying increasingly cultivated tools and techniques. Today, with enterprises functioning in an atmosphere that is more challenging than ever, Intrusion Detection Systems (IDS) play a vital role. As threats become more critical across the board, an Intrusion Detection System can save your business.

Why You Need an Offensive Security Solution

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen. Unfortunately, these methods may not be enough to satisfactorily address the threats in question.

LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital

Do ransomware gangs actually have a heart? Perhaps... Just days before Christmas, on the night of Sunday 18 December 2022, Canada's Hospital for Sick Children (better known as SickKids) was hit by a ransomware attack. The Toronto-based teaching and research hospital reported that the attack had impacted its internal systems, phone lines, and website.

What are sandboxes? How to create your own sandbox

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm implicated by them. The use of a sandbox enables you to safely download, open, examine, or run unknown files, providing an additional layer of security.

CISOs and their Boards of Directors: Viewing Cyber Risk Differently

CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure.