Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Keep infrastructure as code secure with Synopsys

Infrastructure as code is a key concept in DevOps for cloud deployments. Learn how to secure it using Rapid Scan SAST. It was not long ago when we needed to submit an IT support ticket to help launch infrastructure configurations (virtual machines, networks configurations, load balancers, databases, etc.) every time we needed to deploy a new application. It worked when we needed those less frequently, but it was not easily scalable.

What is HECVAT and Why is it Important?

Higher education has increasingly been attracting the attention of cybercriminals. In March, the FBI released an advisory in response to a barrage of ransomware attacks on schools, and Inside Higher Education recently reported that colleges and universities are becoming favorite victims of bad actors. It's not just colleges themselves that are being targeted; their vendors and third parties are being attacked in the hopes of compromising an institution’s data.

AT&T Cybersecurity announces enhanced, simplified MSSP Partner Program

At AT&T Cybersecurity, we believe in the exceptional expertise of our managed security service provider (MSSP) partners. That’s why we are delighted to announce the launch of our new, simplified MSSP Partner Program that will help enhance your business. Our aim is to enable our MSSP partners to successfully monetize security capabilities and achieve exceptional growth and profits by delivering superior, next-generation managed security services to customers.

How To Build A Secure Open Source API Program

API security is one of the most important aspects of cybersecurity. The rise of new technologies like microservices, cloud-native applications, IoT devices, single-page applications, serverless, and mobile has led to increased use of APIs. Any internal application elements are now APIs connecting with one other through a network. A game API lets your applications and web services communicate with one another and share information such as rules, settings, specs, and data.

How to publish Node.js Docker images to Docker Hub registry using GitHub Actions

In a previous post, we presented a step-by-step tutorial on how to publish Node.js Docker images to GitHub Packages registry using GitHub Actions. In this post, we’ll focus on publishing the Docker image that we build to the public Docker Hub registry. Why is this useful you might ask? The Docker command line application docker has a default registry setting for docker.io which points to the Docker Hub registry.

Top 5 Security Testing Types with Tools & Examples

Technology has shaped the world magnificently and has become a driving force for businesses and organisations. From academia to big enterprises, everyone is enjoying the perks of technological advancement in the form of applications, IoT devices, online shopping and businesses, portals, etc. including amateur to non-technical people, everyone now utilises some form of a networked-enabled communication system such as email, social media, etc.

What is Doxing? How to protect yourself from internet humiliation.

Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing.

What is PGP encryption? How it works and why it's still reliable.

PGP encryption (Pretty Good Encryption) is a data encryption program used to authenticate and provide cryptographic privacy for data transfers. PGP encryption is used to secure all forms of data and digital transmissions. It's capable of encrypting and decrypting: PGP is a quick-to-implement and cost-effective encryption method.

How Tripwire State Analyzer Can Help You to Comply with NERC CIP

Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation (NERC), CIP is a set of requirements through which in-scope entities can protect themselves against digital attacks, thereby strengthening the reliability of the U.S. electric grid overall.

Getting Application Security Back on the Rails

In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of applications, but the focus is not always the same. Let’s explore how below.