Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

User Identity Mapping In a Hybrid Environment, Part 1

A Guide to User and Resource Access In any system, the access or denial of resources is determined by the identity of the entity that attempts to use the resource. Therefore, identity mapping plays a very crucial role in ensuring that access to resources is as broad as it needs to be, but is limited only to those who are authorized to have access and protecting resources from unauthorized access.

New PayPal phishing scam seeks to go beyond login credential information

Up until now, some of PayPal users’ greatest fears in terms of cybersecurity were phishing scams aimed at obtaining their login credentials. In January of this year, PayPal confirmed a high-severity bug affecting the login form, with PayPal security investigator, Alex Birsan, finding a javascript file with what looked like a CSRF token and a session ID – which makes login information vulnerable to attackers.

Sizing up the CCPA: How the USA's new privacy regulation measures up against the GDPR

The California Consumer Protection (CCPA) act took effect on January 1, 2020, and companies across the globe are scrambling to get their act together to avoid non-compliance penalties. Although enforcement of the CCPA doesn’t officially begin until July 2020, the California Attorney General’s office will still be able to penalize violations that occurred between implementation on January 1 and official enforcement in July.

Recovering from OneDrive for Business ransomware attacks

Ransomware has been a growing threat in recent years, and experts now estimate the cost of these attacks at $7.5 billion in the USA alone in 2019. The affected institutions include 966 government agencies, educational establishments, and healthcare providers. Since most ransomware attacks stem from a small mistake made by one end user, either through phishing emails or stolen credentials, the threat is only expected to increase in the years to come.

How to Manage Third-Party Risk

Engaging with third-party vendors for the provision of goods and services isn't new. The level of digital transformation, paired with the number of third-party relationships and business partners the average organization has is. Third-party risk management programs need to evolve the manage this ever evolving type of risk exposure. Enterprise-wide organizations rely on third and fourth-party vendors. And many of them have access to sensitive data.

Why is Third-Party Risk Management Important?

Globalization and increasing regulatory pressure means more organizations need to examine their third-party vendors, service providers and supply chain in order to assess the level of risk, inform decisions and comply with laws. Failure to adequately assess third-party and fourth-party risk exposes organizations to reputational risk, operational risk, cyber risk, government inquiry, monetary penalties and criminal liability, Ignorance is no longer a valid defense.

The HTTP Status Codes You Need to Know

Working on the web means coming into contact with HTTP responses. Whether you spend your time primarily on the client or on the server, you're likely familiar with the popular ones like 200, 404, and 500. While memorizing all the codes using cat memes as a mnemonic can be helpful, let's dive deeper into what some of the most common codes mean.

Best Practices in Cyber Supply Chain Risk Management

Cyber supply chain risk management touches all aspects of a business. Supply chain risk management (SCRM) is not solely the responsibility of cybersecurity, but instead a partnership between sourcing, vendor management, cybersecurity, and transportation. The National Institute of Standards and Technology (NIST) released a set of best practices for cyber supply chain risk management in 2016.

No Relief for Cybersecurity Teams in Sight, Reveals Tripwire's Latest Skills Gap Report

You’ve seen the high-level stats on the cybersecurity skills gap, but I’ll remind you of some of the main ones from the (ISC)2 Cybersecurity Workforce Study: As the gap persists, Tripwire continues to keep a pulse on how the skills gap issue is actually being felt by the security experts who are responsible for defending their organizations from cyber attacks every day.