The Medibank hack began with the theft of credentials belonging to an individual with privileged access to Medibank’s internal systems. These credentials were sold and purchased on the dark web by an unconfirmed buyer who used them to gain access to Medibank’s internal system.

The modern approach to application security includes strategies and technologies that help development teams prioritize the vulnerabilities they should address and fix. By giving these teams tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite, got together for a fireside chat to discuss how to implement these strategies.

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

We’ve all heard of the “dark web,” but many of us have no idea what it is and even less of how to access it. The Dark Web, a global challenge to law enforcement, is a region of the World Wide Web accessible only through special software permitting anonymity. Your search engine cannot index the Dark Web’s pages. They are not viewable on your standard web browser, requiring special software or configuration for access.

The length of an average SOC 2 audit depends on a lot of variables, but with Vanta, customers can get a SOC 2 Type I report in weeks, and a SOC 2 Type II report within months. ‍ Audit timelines are difficult to project because each organization has different capabilities, resources, and goals. But after helping thousands of businesses tackle SOC 2 audits, we’ve developed a reliable timeline of what most customers can expect. ‍

“Have you backed up your files?” If you had a Dirham for every time you heard this and followed up with immediate action, you’d be a Shiekh by now. But alas, we’re here because you didn’t do your due diligence and now you have to pay the ultimate price—your data has been compromised and you’ll have to decide what to do about it. But don’t feel too bad; data backup at a corporate level is a luxury not everyone gets to enjoy.

Google Play is every Android’s first go-to option for downloading apps. However, even this ever-famous application portal isn’t free from malicious apps directed toward conning the installers. A renowned security firm, Malwarebytes Labs, has warned users against downloading and using these top four applications, which have collectively garnered 1 million downloads. Per the security researchers at the firm, these apps hide Trojans, which serve adware and direct users to phishing sites.

When a data breach appears in the news (which has happened a lot recently), many of us picture a hacker in a black hoodie, trawling through reams of code on a custom-built PC. We often imagine them finding a single mistake – a zero that should be a one, or vice versa – that lets them slip through a company’s defenses.

A denial of service attack is a type of network attack in which an attacker makes the system, machine, or network unavailable to the intended users. There are various types of DOS attacks, like, for instance, a user is trying to reach a webpage but the page redirects the user to another URL or even the user can’t reach its destination i.e. access is blocked.