Recently I received a call on my personal cellphone. The call started out as many do; with a slight pause after I answered. Initially I assumed this pause was caused by whatever auto-dialer software the spammer was using to initiate the call before their text-to-speech software starts talking about my car’s extended warranty. Once the pause was over, however, I was surprised by a very human voice.

We know how complicated and resource-consuming it can be to comply with the standards set up by the PCI (Payment Card Industry) Security Standards Council. It’s not surprising that less than 1 in 5 businesses (around 18%) assess their PCI DSS controls more frequently than is required by the regulation. However, things become a lot easier and streamlined with PCI DSS gap assessment.

Starting today, we’re adding JumpCloud to the list of popular enterprise identity providers compatible with the 1Password SCIM bridge, making it easier for more teams to provision and manage their users. We’re thrilled to add JumpCloud’s easy-to-use and highly rated service to our growing list of integrations.

In a previous blog post, we took a look at Java’s custom serialization platform and what the security implications are. And more recently, I wrote about how improvements in Java 17 can help you prevent insecure deserialization. However, nowadays, people aren’t as dependent on Java’s custom serialization, opting instead to use JSON. JSON is the most widespread format for data serialization, it is human readable and not specific to Java.

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

2021 was a challenging year for manufacturers, energy producers, and utilities. A chaotic pandemic year created an opportunity for threat actors to take advantage of disruption to infrastructure integrity and IT to OT operational dependencies, something they achieved with frightening rapidity and effectiveness.

This is part 2 of Trustwave’s 2022 Cybersecurity Predictions blog series. In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever.

You work at a SaaS provider, and now you need to pass a FedRAMP audit. If that describes you, read on. This post will tell you (almost) everything you need to know about how to pass a FedRAMP Audit. For the rest, reach out to us. We will put you in touch with one of our Solution Engineers like me who have helped some of the largest SaaS providers in the world pass their FedRAMP audit prior or after IPOing. It’s what we do.

There’s a lot of upside to becoming an application-centric business. You can increase collaboration, work more effectively with your data, deliver an optimal customer experience, and much more. One major downside, though, is that your network and security operations teams are under intense pressure to provision new applications both quickly and securely.