It is easy to think of cybercrime as a phenomenon only impacting the digital space. However, as trends are showing, digital attacks have a very real and very physical impact. According to the FBI, there has been a surge in rental and real estate property scams conducted via digital means, whether that’s the insertion of rogue actors into the property purchase chain, or hijacking of legitimate websites to promote false, money scamming listings.

Welcome to the first post of the malicious software packages series for the DevOps and DevSecOps community. Each Monday, this technical series will focus on various malicious packages and their effects on the software supply chain, all published over the next four weeks. We’ll dive deeper into malicious packages in each post, including Here we go. Let’s discuss malicious software packages in your software supply chain.

Unpatched software vulnerabilities continue to be the most widely used attack vector. There are several factors behind this: SMBs are implementing new software applications in their infrastructure more than ever to simplify business operations and be more efficient. But this reality is changing their organizational landscape, adding more complexity to their security posture.

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018.

Law firms owe their clients several types of duties, such as the duty of care, duty to provide competent representation, as well as other ethical responsibilities. Their duties even extend to former clients and must be upheld long after they no longer have a formal attorney-client relationship. More specifically, lawyers have a duty to not disclose any information about a client or prospective client, unless that individual consents, or an exception is dictated by law.

Keeping track of your employee’s password habits can be almost impossible when you haven’t already implemented a password management solution in your business. Organizations need a business password manager to have complete control and visibility over their employee’s password practices. Onboarding and offboarding employees will become a seamless process. Read on to learn what a password manager is and how it can benefit your organization.

Trustwave's Co-Managed SOC (Security Operations Center) is a powerful offering that has a tremendous track record of helping organizations maximize the value realized from their SIEM (Security Information and Event Management) investment, reducing alert noise by up to 90%, while maintaining a position of “your SIEM, your content.” The service has just received a major enhancement with the addition of Trustwave’s one-of-a-kind cybersecurity collaboration platform, Security Colony, whic

If you’re a public sector organization, security is top of mind. One of the best ways you can secure your data and systems is through a modern SIEM platform, which many government agencies and education institutions are using as a critical piece of their Zero Trust cybersecurity architecture. SIEM technology and strategy is constantly changing, and keeping up with the latest updates and requirements can be challenging.

Log management maturity and cybersecurity maturity often mirror one another. In today’s highly connected world, companies need to live with risk. Organizations need to balance the risks they’re willing to accept and compare that to the amount of money they’re willing to spend. Centralized log management is often a way to get the security monitoring that you need. As you mature your log management strategy, you’ll often find that you mature your security posture as well.

Throughout my career, I’ve seen a lot of change in the realm of cybersecurity. Whether in private- or public-sectors, from pre- to post-pandemic, I’ve witnessed the struggles of agencies coming to terms with digital transformation and cybersecurity. What I’ve found is that federal agencies are expected to keep pace with their civilian counterparts while abiding by mandates to add an extra layer of security to digital operations.