Our threat intelligence have shared several threats they’ve uncovered through monitoring our B2B platform, in our recent report: Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a rise in sextortion emails using fake threats to blackmail people into paying cryptocurrency ransoms.
The RSA Conference has been a key date on the IT security calendar for 31 years, billing itself as the place ‘where the world talks security’. After being forced into a virtual event last year due to the pandemic, RSAC was back live in 2022 for a face-to-face event at the Moscone Center in San Francisco. This year’s event welcomed around 26,000 attendees, over 600 speakers, and more than 400 exhibitors. So how did a face-to-face RSAC 2022 stack up after the virtual event in 2021?
Read also: security flaw in Travis CI API exposes user access tokens, small botnet launched a record-breaking DDoS attack and more.
If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.
CIS Control 8 Center for Internet Security (CIS) version 8 covers audit log management. (In version 7, this topic was covered by Control 6.) This security control details important safeguards for establishing and maintaining audit logs, including their collection, storage, time synchronization, retention and review. Two types of logs are independently configured during system implementation.
Control 10 of CIS Critical Security Controls version 8 is focused on malware defenses. It describes safeguards to prevent or control the installation, spread and execution of malicious applications, code and scripts on enterprise assets. (In CIS version 7, this topic was covered by Control 8.) Malware, especially ransomware, has become a pressing security issue in recent years.
Contractors, freelancers, and other temporary workers have become essential parts of the modern enterprise. For IT and security teams, these individuals present unique challenges compared to full-time workers—and potential risks. The ‘offboarding’ process for these contractors is often less formal than bringing them on. Meaning, many just stop using their entitlements and accounts without actually closing them. These dormant accounts can pose serious risks to the organization.
In today’s data-driven world, skilled developers are much sought out for their ability to build applications that serve the Big Data needs of organizations. The sheer size, complexity, and diversity of Big Data requires specialized applications and dedicated hardware to process and analyze this information with the aim of uncovering useful business insights that would otherwise be unavailable.
New state-level data privacy laws just keep coming. By the end of 2023, California will transition to the CPRA, and residents of Virginia, Colorado, Utah, and Connecticut will be covered by more expansive state privacy laws. With 10% of U.S. states covered by data privacy legislation by the end of next year, it’s clear there’s a need for federal legislation as well. I’m pleased to see reports of positive momentum on this topic in Washington.
