Shell is one of the largest oil and gas companies in the world today. The organization is based in London, England, and has branches in many countries throughout the world, including the United States. Shell has an estimated annual revenue of $381.3 billion USD and employs approximately 86,000 people. The company was recently added to the list of victims of the large-scale MOVEit data breach. Details are still fuzzy, but it appears that many individuals could be compromised.

Healthcare companies and insurance providers were hard hit this week in a slew of data breaches. Some of the breaches happened long ago, while others are fresh, but either way, it's clear that medical companies are being targeted heavily by hackers. The list of companies includes the Charles George VA Medical Center, ARx Patient Solutions, Advanced Medical Management, and Imagine360 LLC. We also can't skip over the fact that oil giant Shell was hit by a breach as well.

CVE-2023-2868, a vulnerability in the Barracuda ESG was announced on May 23. On June 15th, a report surfaced, attributing the exploitation of this vulnerability to a threat actor group tracked as UNC4841, which analysts believe is conducting espionage on behalf of the Chinese government. SecurityScorecard’s STRIKE Team consulted its datasets to identify possibly affected organizations.

Infrastructure as code (IaC) has changed how we deploy and manage our cloud infrastructure. Instead of having to manually configure servers and networks with a large operations team, we can now define our service architecture through code. IaC allows us to automate infrastructure deployment, scale our entire fleet of servers, document a history of changes to our architecture, and test incremental changes to the network.

Every employee in an organization has access to email, creating a vulnerability that cybercriminals seek to exploit through phishing attacks. There are many different types of phishing attacks that bad actors use to achieve their goals, and it is important to have the right processes and security solutions in place to prevent employees from falling victim.

Emojis are now the widely understood language of our digital world.These tiny icons that add color and life to our messages are designed to enhance online interactions by letting us express emotions and thoughts in an easy way. But hackers are seeing them as an opportunity to infect devices and exploit our personal data.

Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.