The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you. And that’s certainly true of the GoodWill ransomware, which security firm CloudSEK described this week.
The Privacy Management (PMT), Privacy by design (PbD) and Privacy Impact Assessment (PIA) tools, Integration of Data Management and Security, Integration of Extensible Key Management (EKM) and Cloud Key Management as a Service (KMaaS), Data Security as a Service (DSaaS), Data Security Platforms and Cloud Database Activity Monitoring (DAM) are in rapid development.
Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails. Grandoreiro was first detected in 2016 is one of the largest banking trojan families developed to strike targets Latin America.
Read also: GM hit by a cyberattack, the Conti ransomware gang shuts down operation, and more cybersecurity news of the week.
WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.
When defining security policies, it is critical to know who the user is and what their privileges should be based on their role, and whether the device itself or the state of the device at the time of connection is in a known good state.
During SnykWeek Boston, Simon Maple (Field CTO, Snyk) led a panel discussion about developer adoption of application security. The panelists included: Want the TL;DR? Here are some of our favorite takeaways: Read on to dive deeper into these illuminating insights around organizing security teams, setting security goals, empowering developers, improving compliance, and much more.
Whether you’re a startup, an e-commerce company, or a large corporation, as long as you handle credit card transactions, you need to be aware of and comply with the Payment Card Industry Data Security Standard (PCI DSS). As online commerce and online payment technology continue to grow, they need to be accompanied by new rules and regulations to make sure that both the business and the customers are safe and secure.
An OPA design pattern, as detailed in a previous post, gives you an architectural solution to solve one or more common policy problems. In this blog post, we describe what we call the Offline Configuration Authorization design pattern for OPA. Remember that each OPA design patterns covers the following information.
Kubernetes powers significant automation capabilities for developers in deploying, managing, scaling, and ensuring the availability of containerized apps. Data from 2021 shows that adoption continues to rise with over 5.6 million developers now using the industry’s favored container orchestration engine. However, Kubernetes and containerization introduce new complexities that pose unique security challenges.
