ISO 27001 is an international standard that focuses on information security. This standard guides the establishment, implementation, maintenance, and continuous improvement of an information security management system (ISMS).

With the face of cyberthreats in a constant state of flux, it’s nearly impossible for IT and Security teams to manually secure their countless systems, applications, services, and devices, as well as respond to potential and active cyberattacks that manage to flourish despite best efforts.

With the emergence of cryptocurrencies and massive online marketplaces, keeping your financial information private is a bigger concern than ever. In addition to these new and developing areas, in-person purchasing with debit and credit cards continues to grow. From debit transactions to cryptocurrency, millions of transactions are made daily, and it is cybersecurity experts’ jobs to keep us safe.

First identified in 2018, 'Ryuk' is a known malware often dropped on a system by other malware, most notably TrickBot and Bazaarloader by using a Spear Phishing lure or other systems access gains via Remote Desktop Services. Ryuk demands payment via Bitcoin cryptocurrency and directs victims to deposit the ransom in a specific Bitcoin wallet.

Security threats in healthcare relate to safety of the clinical and administrative information systems of hospitals and healthcare service providers. Increasing cyber attacks on healthcare organisations in the last few years have been faster than the improvements in healthcare cybersecurity practices. In this article, we discuss the cyber security threats and vulnerabilities of hospitals and healthcare providers, followed by best security practices aimed at improving security posture.

In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.

As the security threat landscape continues to evolve, choosing the best application security testing tools is just the first challenge for organizations investing in AppSec. Next, organizations need to figure out how to best orchestrate the application security testing technologies they are using in order to get the most out of them without losing valuable time. That’s where application security testing orchestration comes in.

Intezer and Microsoft reported on Sept. 9 that TeamTNT hackers are deploying Weave Scope in compromised systems as an auxiliary tool in their intrusions. Weave Scope is a legitimate and powerful tool to manage server infrastructure that, once deployed, makes it easy to control all resources. In this article, we will describe how this tool can be used maliciously, and how to add specific checks in your security set up to look for it.