Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How to Operationalize Web Application Client-Side Security

I might assume that you found this blog while conducting research on how to protect your business from skimming breaches. Let me guess… you just survived a Magecart-type, cross-site scripting (XSS), formjacking, skimming, or other client-side attacks? Now your CISO, CEO, or board are asking you to figure out how to ensure this doesn’t happen again?

16 Countries with GDPR-like Data Privacy Laws

Coming into force on May 25th, 2018, the General Data Protection Regulation (GDPR) was a landmark for data protection. Trading blocs, governments, and privacy organizations took note, and over the last three years, GDPR has inspired new data privacy legislation worldwide.

What is data security breach? Examples and prevention

Many compliance standards focus on protecting individual personal information and sensitive data in a world rife with cyber-attacks and data breaches. Now, companies need to make their systems immune to digital intrusion and prepared to reduce the attack surface for strong information security measures around private information. Data breaches are becoming a norm through the more and more rapid transition of physical businesses to online businesses and more online activities.

REvil/Kaseya Incident Update

Following the July 3, 2021 news of a ransomware attack targeting Kaseya, a US-based software developer that supplies managed service providers (MSP), more information about the incident, including additional indicators of compromise (IOC) have now been shared. Reportedly the "biggest ransomware attack on record" according to some, initial reports suggested that Kaseya themselves were compromised and their network management software, VSA, was compromised to deploy a ransomware threat to their customers.

5 Tips to Improve Threat Report Analysis and Action

Most organizations have more threat intelligence than they know what to do with, from a variety of sources – commercial, open source, government, industry sharing groups and security vendors. Bombarded by millions of threat data points every day, it can seem impossible to appreciate or realize the full value of third-party data.

Cloud Threats Memo: Preventing the Exploitation of Dropbox as a Command and Control

IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discovery, former Soviet Republics with multiple malware strains including Meterpreter, Poison Ivy, xDown, and a previously unknown backdoor called “xCaon.” Now, security researchers from Check Point have discovered a new campaign by Indigo Zebra, targeting the Afghan National Security Council via a new version of the xCaon backdoor, dubbed

Demoing the Netskope and Mimecast DLP Integration

Protecting the data of an organization is a complex task. Data is the crown jewel of any organization which the adversaries continuously seek to get their hands on. Data is threatened both by external attackers and internal threats. Sometimes the threats are malicious, and in many cases, they are accidental. Both these cases have to be addressed by modern enterprise security departments.

98% of Infosec Pros Say Multi-Cloud Environments Create Additional Security Challenges, Reveals Survey

Organizations have multiple reasons for embracing a multi-cloud strategy. First, it enables them to avoid “vendor lock-in” where they need to rely on a single vendor for all their cloud-based needs. Second, it empowers them to take advantage of the perks offered by several cloud service providers at once. Lastly, such a strategy helps to protect them against data loss and/or downtime, as an issue in one environment won’t necessarily spill over into another.

Lazarus gang targets engineers with job offers using poisoned emails

Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry. In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe.