Privileged passwords should be used wisely. These credentials, also called secrets, provide a user with access to protected accounts, systems, networking hardware, cloud instances, and applications. Since privileged accounts also have elevated permissions, passwords to these accounts are often targeted by cybercriminals. In fact, weak, reused, and compromised passwords are the cause of 81% of all data breaches according to the Verizon 2019 Data Breach Investigations Report.

Simply put, DevOps is a software methodology that includes security automation. Software engineering teams often equate DevOps and automation as synonymous. Most security experts believe that automation is the most quantifiable benefits for organizations. In this article, we will explore how DevOps security automation helps in achieving better software security.

Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this? As an Incident Commander (IC), you have many responsibilities. You’re responsible for driving an incident to resolution as quickly as possible, creating the resources necessary to document, collaborate, and communicate while helping identify, engage, and orient the right people.

Historically, common detection methods have used file hashes (MD5, SHA1, and SHA256)—unique signatures based on the entire contents of the file—to identify malware. Modern threat actors have increased in sophistication to a point where every instance of a given malware will have a different hash, and that hash will vary from machine to machine.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Blockchain is trendy, has been for a while, and to be honest its not something I’ve had time to look at myself. All I tend to hear about are companies trying to find uses for that and/or machine learning, and the often shouted response of others saying its a solution looking for a problem outside it’s original sphere.

GLBA refers to Gramm-Leach-Bliley Act (also known as the Financial Services Modernization Act of 1999) which aims to protect the private information of consumers. In this article, we took a closer look at GLBA requirements.

I was in a medical office the other day, and when the doctor came into the room, he needed to unlock his phone to contact a pharmacy. I couldn’t help but notice that his home screen had a photo of an infant. It was an adorable infant, and I asked “how old is your child?” The doctor reflexively answered, “10 months”, but then became a bit shocked, and asked me ‘how do you know I have a child?".

As part of digital transformation, the adoption of a wide range of devices for work is on the rise. A unified endpoint management (UEM) solution is capable of enforcing management policies and configurations, as well as securing endpoints. In a previous blog, we reviewed the capabilities of a good UEM solution. In this instalment, we look at UEM security features.

The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) establishes a set of national standards for the protection of patients' rights and certain health information. Its standards address the use and disclosure of individuals' health information, known as protected health information or PHI by organizations subject to the Privacy Rule, as well as standards for an individual's rights to understand and control how their health data is used.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that enables web sites to declare themselves accessible only via secure connections. This helps protect websites and users from protocol downgrade and cookie hijacking attacks.