As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional security paradigms based on perimeter-driven firewalls do not scale for communication between workloads within the cluster and 3rd-party APIs outside the cluster.
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for those who want to phase in the new standard.
Securing sensitive data in today’s digital world has become increasingly complex and challenging, especially if parties practice poor data management, network security, encryption methods, or endpoint protection. As cyber attacks continue to grow, it’s absolutely necessary to maintain stronger cybersecurity practices.
Generating a generic content security policy is easy. Manually managing those policies to ensure they operate effectively and provide the right level of security is an entirely different issue. For businesses willing to make the shift, an automated content security policy can significantly ease the policy management burden.
The volume and frequency of ransomware attacks have increased significantly this past year. In fact, the number of ransomware attacks has nearly doubled in 2021 as compared to 2020. The impact of a breach is multi-fold and stretches well beyond the commonly acknowledged risks of downtime cost, impact on the brand, and the actual ransom paid. This has prompted a paradigm shift in how organizations and system integrators look at their cybersecurity strategy.
It’s been over two years since offices around the world closed their doors, sending employees to work from home to ride out a series of pandemic lockdowns. Those two years saw a succession of commands to close, reopen, close again, and reopen again, during which office workers in many industries embraced remote work and the benefits of eliminating the commute and providing a better work-life balance.
A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson vulnerability only recently received a CVE identifier – CVE-2022-25845, and a high CVSS – 8.1.
An organization’s security protocols are vital to maintaining transparency, compliance with government regulations, and trust with customers. On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) released updated directions for compliance requirements for all India-based companies and organizations with Indian clients.
Losing money to cybercriminals is the financial industry's biggest threat today. Billions of dollars have been lost in 2022 alone due to cyber security incidents. This money is unrecoverable and can be blamed on one thing - poor cybersecurity practices. The money goes straight to the pockets of hackers so they can build bigger and better ways to hack and steal our money.
In our new threat briefing report, Forescout’s Vedere Labs presents the most detailed public technical analysis of Industroyer2 and INCONTROLLER (also known as PIPEDREAM), the newest examples of ICS-specific malware that were disclosed to the public almost simultaneously, on April 12 and 13. Thankfully, both Industroyer2 and INCONTROLLER were caught before causing physical disruption.
