An Advanced Persistent Threat is a sophisticated (rarely) multi-staged attack carried out by skilled and well-organised threat actors such as organised cybercrime syndicates and nation-state actors. The majority of the times, Advanced Persistent Threats (APT) are nothing more than a fancy name with much more media frenzy around the topic of cyber attacks.

Over the last year and a half, we all went through the monumental disruption of having just about everyone work from remote locations. We strained VPN infrastructure and out of necessity split tunnels became the norm, not the exception. Even if it meant the users were a bit more exposed, you really had no choice, as Zoom/Webex/Teams meetings can eat up bandwidth like nobody’s business. But now the users are starting to come back into the office, what’s the big deal?

Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135. Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the small fix until the next release, more than 6 months later.

Supply chain cybersecurity is important at all times, but arguably even more so during the COVID-19 crisis. If a hack compromises the speedy delivery of vaccines, medical equipment, or drugs used to treat people suffering from the virus, everyone involved could face devastating consequences. Here are some proactive steps people can take to keep their sensitive supply chain data safe.

Modern drug discovery and clinical trials produce a volume of data that can quickly overwhelm local storage and bandwidth capacity. Sequencing data, scanned source files, biostatistical (SAS, R, SPSS) databases, and DICOM imaging are all hard to store and collaborate on, especially with a distributed workforce. Egnyte’s platform has been facilitating secure sharing of files for over a decade, accelerating the ability to collaborate without sacrificing security.

Organizations in the life sciences industry need to maintain regulated data in compliance with a number of global data privacy laws. Ideally, compliance is automatically ensured, and data is easily categorized. But we all know that this is not always the case in a decentralized, dynamic environment. So, how are the leading biotechs efficiently and securely managing collaboration and data?

An application programming interface (API) enables communication and data exchange between two separate software systems. The application (or service) layer sits between the presentation and database layers and lays out the rules of how users can interact with services, data or functions of the application. API testing is a software testing practice that tests the functionality, reliability, performance and security of an API.

Kroll’s 2021 Data Breach Outlook has identified a 140% increase in data breach notification cases from 2019 to 2020. Industries such as healthcare, education and financial services, which were the most impacted in 2019, continued to be hard hit in 2020 and, so far, in 2021 too. However, the greatest increases occurred in industries that were generally spared in 2019. Data attacks became broader and deeper during the COVID-19 pandemic, a trend that has continued throughout the recovery.

Kroll experts have noticed an increase in distributed denial of service (DDoS) attacks by cybercriminals seeking to turn a profit in two distinct incident types. First, many ransomware operators are now threatening and conducting DDoS attacks as an additional pressure tactic during the ransom negotiation process. Second, also known as ransom denial of service (RDoS), attackers threaten DDoS attacks that will take down an organization’s public-facing services unless a ransom is paid.