Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Ransomware victim hacks attacker, turning the tables by stealing decryption keys

Normally it works like this. Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience. And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after his QNAP NAS drive was hit by the Muhstik ransomware.

The Current State of CCPA - What You Need to Know

In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms and conditions when creating an account or downloading software.

Workplace design tips to help deter hackers

31 percent of companies in the USA have been subjected to cyber attacks and 43 percent of those attacks were aimed at small businesses. When workplaces are designed with cybersecurity in mind, the odds of breaches will decrease. This is good news, because some breaches have the capacity to put companies out of business. These workplace design tips will make it simpler to keep hackers out of workplace networks.

5 Tips for Preventing Ransomware Attacks

You don't need to be a cybersecurity expert to know that ransomware attacks have become one of today's greatest IT security threats. From WannaCry to the attack against the city of Atlanta, major ransomware exploits have become so commonplace in the last few years that they may seem impossible to avoid. Fortunately, preventing ransomware is far from impossible. Let's take a look at a few strategies you can put in place to mitigate your risk of becoming part of the next ransomware statistic.

Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations

Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the efforts of bad actors to target Airbus by infiltrating its suppliers’ networks.

Protecting your GCP infrastructure at scale with Forseti Config Validator part two: Scanning for labels

Welcome back to our series on best practices for managing and securing your Google Cloud infrastructure at scale. In a previous post, we talked about how to use the open-source tools Forseti and Config Validator to scan for non-compliant tools in your environment. Today, we’ll go one step further and show you another best practice for security operations: the systematic use of labels.

6 Common Phishing Attacks and How to Protect Against Them

Phishing attacks don’t show any sign of slowing down. Per its 2019 Phishing Trends and Intelligence Report, PhishLabs found that total phishing volume rose 40.9 percent over the course of 2018. These attacks targeted a range of organizations, especially financial service companies, email and online service providers and cloud/file hosting firms.

Secure Configuration in Cloud - IaaS, PaaS and SaaS Explained

If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key products such as antivirus, DLP, firewalls, etc. But in a world with IaaS, PaaS and SaaS, maintaining a comprehensive approach becomes far more difficult.

Automating Secure Configuration Management in the Cloud

For many organizations moving to the cloud, Infrastructure as a Service (IaaS) like AWS EC2, Azure Virtual Machines or Google Compute Engine often forms the backbone of their cloud architecture. These services allow you to create instances of pretty much any operating system almost instantly. Unfortunately, moving your IT infrastructure to the cloud doesn’t relieve you of your compliance or security obligations.