Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The CPRA Clearly Explained (Includes a Compliance Guide)

The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in 2020. It strengthens the security standards of the California Consumer Privacy Act (CCPA), making California's consumer privacy laws more aligned with the General Data Protection Regulation (GDPR). The CCPA gives California residents the right to know what personal data is being collected by companies and whether it will be sold or disclosed to other parties.

CISA Top Malware Summary

This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report. While many of these payloads have been covered in our past and present research (available at research.splunk.com), these malware families are still active in the wild. Notably, five malware families we analyzed in this article can still be seen in the ANY.RUN Malware Trends Tracker.

How To Do AppSec: The Application Security Guide

Modern applications are sophisticated, with different third-party software and hardware components and complicated integrations compared to legacy applications. With these complications, there is an increase in exploitable vulnerabilities in the application layer. Thus, application security is one of the most critical aspects organizations should focus on to secure their applications from cyberattacks.

The impact of cyber fouling and how scavengers might capitalize on it

The cyber landscape is ever-evolving. Organizations have started moving their resources to the cloud excessively to scale up their deliverables. The hybrid work culture and BYOD policies have made an organization’s network increasingly perimeter-less. With organizations adopting different policies to increase operational efficiency, SOCs scramble to ensure security in the network. As for attackers who are opportunists by nature, the hybrid work model introduces a lot of opportunities.

An ethical hacker's perspective on EASM

Gunnar Andrews discusses how ethical hackers can look to EASM techniques to help increase their ethical hacking skills. For organizations, this article gives insight into the methods and types of information that ethical hackers or even malicious attackers will collect to increase knowledge about an organization’s assets.

Four Resolutions for Security Leaders to Keep in Mind for 2023

Starting off a new year often comes with a re-energized sense of taking stock of big changes you want to make and how you want to accomplish them. And, as we come off of “prediction season”, there’s also a sense of the hot topics and challenges that are already on the horizon for the security community.

Preventing Cyberattacks Against Marketing Teams

In promoting a company and its products, marketing oversees critical points of contact between the business and its customers. Marketing teams make sure a company and its products are known in the broader market, gain the interest of potential customers and guide customers through the buying process. Just as importantly, marketing teams promote and steward a company’s brand — one of its most valuable assets.

Three easy steps to dramatically improve your AWS security posture: Step 1, set up IAM properly

Have you ever heard the saying that the greatest benefit of the cloud is that limitless resources can be spun-up with just a few clicks of the mouse? If so, you would be best served by forgetting that saying altogether. Just because cloud resources can be spun-up with a few clicks of the mouse does not mean that they should be. Rather, prior to launching anything in the cloud, careful consideration and planning are a necessity.

Protecting Data and Promoting Collaboration During Times of Change

When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using their perimeter-based security solutions are hindering their workers’ ability to collaborate while also losing a handle on their data.