Covid-19 pushed the boundaries of both healthcare and technology providers, and nudged people to finally embrace telehealth services. In fact, telehealth has proven to be the next frontier for the healthcare industry as it minimizes the need for in-person patient, clinic, or hospital visits which prevents overwhelming our healthcare systems. A McKinsey report shared that the use of telehealth in the US in 2021 surged 38 times compared to pre-pandemic levels.

In March 2021, cybersecurity researcher Le Xuan Tuyen discovered a security bug in Microsoft Exchange Server. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes.

Rizal Commercial Banking Corporation (RCBC) begun as a small development bank in the Philippines and has grown to encompass a wide range of financial services and branches in the U.S., Europe, Australia and New Zealand. Like any financial institution, it must comply with a host of regulations and is a prime target for malicious actors.

At Torq, we use gRPC as our one and only synchronous communication protocol. Microservices communicate with each other using gRPC, our external API is exposed via gRPC and our frontend application (written using VueJS) uses the gRPC protocol to communicate with our backend services. One of the main strengths of gRPC is the community and the language support. Given some proto files, you can generate a server and a client for most programming languages.

The global pandemic further accelerated a trend toward remote work that was already underway, even in federal, state, and local agencies that previously resisted it. But as agencies continue to offer telework options to employees, they must also rethink their security stack to better mitigate the cybersecurity risks that remote work catalyzes. Traditional, perimeter-based approaches to security will no longer work in a cloud-first environment where data can, and is, accessed from just about anywhere.

It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal cybersecurity advice.

When your customers reach out for help, they send messages to your support team that likely contain personal information. Help desk ticketing systems can often harvest for personally identifiable information (PII) like email addresses and credit card numbers, while healthcare providers using ticketing systems may request protected health information (PHI) like patient names and health insurance claim numbers or phone numbers.

You may have previously heard about TeamViewer if you’ve ever needed to remotely access another device for the purposes of maintenance or general work activities.

At the Rubrik Data Security Summit, leaders from both the public and private sectors discussed an important topic: ransomware. Cyber threats continue to expand in both volume and sophistication with attacks growing at a rate of 150% annually. As attackers increasingly target backups, it will be even more paramount for policies and guidance from government agencies to match the security innovation of private sector businesses to mitigate the risks of this cyber pandemic head-on.

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.