It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks.
As software engineers, we are incredibly busy. We’re designing new features, writing tests and implementing code, debugging, opening pull requests, and performing code reviews. That’s not to mention all of the DevOps stuff that our teams have us doing nowadays, too. Oh yes, and then there are stand-ups, check-ins, one-on-ones, and all-hands. The thing is: you don’t have time to waste. If there is wasted time in your workweek, it’s worth looking into how to recapture that time.
These security websites will help your team up-to-date on the latest cybersecurity scams. It is important to keep up with the latest cyber security threats and how to protect your company from them. With so many websites and articles out there on the topic, it can be difficult to know which ones are worth reading.
Automation is like running a marathon. It sounds like a great and noble pursuit until you actually go out and start pursuing it. At that point, it's easy to fail if you don't prepare yourself ahead of time for the challenges that are inherent to the process. Indeed, although automation can provide a number of awesome benefits, whether you actually reap those benefits depends on how easy it is to implement and manage automation tools. And, as many teams discover, doing these things may be harder than it often seems.
File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder Information Security Program (CISP). CISP became PCI DSS 1.0, and things continued to evolve after that. Which brings us to the present day.
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
Before the world transitioned to digital-first onboarding due to cellphones, high-speed internet, and a pandemic; Banks, financial institutions, and other organisations could verify identities by physically comparing a person’s face to a photo ID. Of course, one could hardly just accept the certification at face value—no pun intended.
You’ll probably agree that there are barely any organizations left that don’t use some form of cloud computing in their daily operations. In fact, the cloud computing market is booming, with various sources expecting a worth of upwards of $600 billion within the next two years. And it makes sense: Cloud computing is the cheaper, scalable, easier-to-manage young cousin of yesteryear’s private server.
As cyberattacks continue to grow relentlessly, enterprises have to continue improving their cyber defenses to stay one step ahead of the adversaries. One area that CISOs have recently started paying more attention is identity threat protection. This is not surprising considering 80% of modern attacks are identity-driven leveraging stolen credentials. In fact, identity threat detection and response is highlighted as one of the top trends in cybersecurity in 2022 by Gartner.
