Whether it’s ransomware, business email compromise (BEC), or phishing attempts, the number of cyber attacks keeps rising year after year. While there’s solid data on the volume, there’s a caveat, which is that organizations don’t want to disclose that they’ve suffered a data breach. According to Arctic Wolf’s “The State of Cybersecurity: 2023 Trends” report, 50% of organizations experienced a breach in the past year — the same odds as flipping a coin.

NorthStar Emergency Medical Services is an ambulance service based in Searcy, Arkansas. The company manages three EMS stations in the surrounding area and helps patients get the emergency help they need rapidly. This service provider takes medical information from patients it serves, and it may have just exposed tens of thousands of its past patients to internet hackers in a recent data breach incident.

In this age of technology, software companies are quickly shifting towards a strict compliance posture. You may ask yourself, why is that and what has changed over the last several years? This can be due to multiple factors but can mainly be boiled down into four categories.

Ransomware as a Service (RaaS) has been a growing trend in recent years, enabling anyone with an internet connection to become a hacker. In the past, launching a ransomware attack required a high level of technical expertise, but RaaS has lowered the barrier to entry, making it easier for anyone to launch a ransomware attack. So, how does RaaS work, and what are the implications for businesses and individuals?

Chief information security officers (CISOs) have both internal- and external-facing roles. Externally, they must constantly scan the horizon for potential threats. Internally, they must implement, communicate, and champion best practices for security at their enterprises. In a time of sprawling global supply chains and growing automation, the role of the CISO is more complex than ever. To carry out this role effectively, CISOs must learn the importance of trust management.

A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by the exploit. Once a user receives a malicious calendar invite, the attacker can gain a user’s Active Directory credentials. Microsoft has released a security update that can be found here. Cato Research strongly encourages updating all relevant systems as proof-of-concept exploits have already appeared online.

I’m thrilled to unveil our new identity: Cyberpion is now IONIX, a name that represents our radically different approach to protecting the modern attack surface and its digital supply chain. With IONIX, you’ll discover your organization’s real attack surface, including its sprawling network of asset dependencies – while separating the signal from the noise so your security team gains laser focus on your exploitable risks.

Terraform is the de facto tool if you work with infrastructure as code (IaC). Regardless of the resource provider, it allows your organization to work with all of them simultaneously. One unquestionable aspect is Terraform security, since any configuration error can affect the entire infrastructure. In this article we want to explain the benefits of using Terraform, and provide guidance for using Terraform in a secure way by reference to some security best practices. Let’s get started!

In this episode of SaaSTrana, Venky and Raghu, Co-Founder of Sprinto, discusses why SaaS companies should pay close attention to security measures to become SOC 2 compliant.