The automotive industry constantly evolves, particularly in software development. From electronic control units and hardware security modules to advanced driver-assistance systems (ADAS), the complexity and functionality of automotive software have increased exponentially. This has opened new frontiers in efficiency, safety, and user experience but also introduced significant security threats.

‍This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

One study found that 65% of SaaS applications in use are unsanctioned. And 59% of IT professionals find SaaS sprawl challenging to manage. In other words, shadow IT risks are growing—but that’s just the tip of the iceberg when it comes to hidden risks across today’s expanding attack surface. Missed software patches, outdated certificates, and stealth malware are some examples. Many security teams still struggle to keep their networks safe from ever-growing digital supply chains.

The Internet of Things (IoT) refers to the network of physical objects – “things” – that connect and share data with the internet, other IoT devices and the cloud. IoT devices are often embedded with sensors, software and other technologies to exchange data with other devices and systems when connected to the internet. IoT devices include smart home devices like doorbell cameras and light bulbs.

BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries.

We are excited to announce that KnowBe4 has been named a leader in the Winter 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the eleventh consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence.

The latest consumer alert posted by the federal trade commission (FTC) signals that the upticks in QR code-based scams are being seen by cybersecurity vendors are indeed a valid growing problem. You won’t need to go very far before you find a QR code. Restaurants commonly use QR codes to point you to a menu, parking lots use them to point you to a website to pay for parking, and according to the FTC, scammers use them to engage you in scams.

Microsoft was the most impersonated brand last quarter, accounting for a third (33%) of all brand phishing attempts in October, November, and December 2023, according to Check Point’s Brand Phishing Report for Q4 2023. Check Point notes, “The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third at 8%.

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always good to share that message, at least once a year with co-workers, family members, and friends. I was reminded of this latest news story discussing a recent Instagram and TikTok trend. Basically, users are sent (or send) a “survey” that asks the receiver to describe themselves.

Data lineage and data provenance are related terms, but different. Lineage focuses on the origins and movements of data over time, while provenance focuses on the transformations and derivations of data from original sources. Provenance helps teams to follow the source of data and verify its authenticity, surfacing any potential risks or vulnerabilities. In other words, lineage is more about “where” data travels, and provenance is more about the “what” of data history.