On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.

Security infrastructure as a service (SIaaS) is an engineering-centric, infrastructure-first approach to cybersecurity—and is at the heart of everything we do at LimaCharlie. In this post, we’ll explain more about what SIaaS is, why it’s important, and how it differs from legacy models of cybersecurity.

Security and compliance has a major role in every organization. Businesses are nothing without the trust and loyalty of their customers, and for many companies — from early-stage startups to multinational corporations — winning that trust starts by demonstrating that you have the correct security controls in place. Internationally-recognized compliance standards, such as ISO 27001, PCI-DSS, and SOC 2, make up the industry-standard goals that most businesses and organizations pursue.

A VPN, or a virtual private network, is a service that protects your internet connection. It encrypts your data, protects your online identity by masking your IP address and allows you to use public WiFi hotspots safely. VPNs create a private, encrypted network within the public network providing an extra, and known, layer of security and privacy.

With the overwhelming amounts of data, security teams need dynamic, real-time visualization capabilities to quickly make sense of the data they need to manage so they can take action where needed and convey the status of their security posture. Devo makes these objectives easy to accomplish using Activeboards.

The White House and the Executive Office of the President have just issued a memorandum for the heads of U.S. government and federal executive departments and agencies for enhancing the security of the software supply chain through secure software development practices.

On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) published the CERT-In_Directions_70B_28.04.2022 — a new document that imposes strict requirements on service providers, organisations, and cybersecurity teams. The new directions caused many controversies, leading to CERT-In publishing two supplemental documents: frequently asked questions on cybersecurity directions and No. 20(3)/2022 CERT-In.

The financial industry is no stranger to data breaches. Financial institutions have access to millions of personally identifiable information (PII) records, which they must secure to the highest standard. The value of this data is open knowledge – hackers will actively search for existing cybersecurity weaknesses to gain unauthorized access to customers’ financial information.

Hundreds of thousands of websites and applications are targeted and attacked every day. SANS institute finds that 60% of cyber attacks have targeted web apps. Most web applications have urgent and critical vulnerabilities. Automatic vulnerability scanners are geared toward evaluating the security posture of the organization. Do you think your automatic scanner alone can cover all aspects of security assessment?