Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

This is the Year We Strengthen Cybersecurity Through Collaboration

Cybercrime pays no regard to international borders, and effectively fighting cybercrime is a process that has always relied upon countries collaborating and sharing data. As geopolitical manoeuvres have cast uncertainty around some of our established mechanisms for collaboration, many in this sector have felt a degree of trepidation heading into this year.

Best Server Monitoring Software Tools

If you don’t know the state of your network and server health every second of the day, you’re like a blind pilot inevitably headed for disaster. Fortunately, the market now offers many good tools, both commercial and open source, for network and Windows Server monitoring. We’ve put together a list of best open source, free and paid Windows Server monitoring tools that have proven their value in networks of many sizes.

What our attack surface study says about top retail applications

Retail and ecommerce web applications are big targets for hackers. Attack surface assessment is important to help build a complete risk profile of web applications and combat opportunistic hackers looking for vulnerabilities to exploit. Here’s how the biggest online retailers fare against the most common application attack vectors

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers.

Looking ahead to infosec's biggest challenges in 2021

The Nightfall blog is a resource for information security professionals to learn more about the challenges we face in the industry. Every week, Nightfall publishes news and insights from the world of cloud security to help you stay current with the cybersecurity world and better prepare for threats before they become serious problems. In January, we hosted two additional infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke.

How to build a malware analysis sandbox with Elastic Security

As a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems.

What the CPRA Means for the CCPA

In the fall of 2020, voters in California approved the California Privacy Rights Act (CPRA). Touted as California Consumer Protection Act (CCPA) 2.0, the CPRA is more an addendum and expansion of CCPA rather than an entirely new law. Think of it as an update that fixes unclear parts of the previous law and adds new systems to better handle the existence of the law itself. As there are a few “breaking changes”, the 2.0 moniker is pretty apt for those in the software world.

How to integrate automated AST tools in your CI/CD pipeline

The benefits of application security (AppSec) tool integration in the continuous integration/continuous delivery (CI/CD) pipeline are greater the earlier (the “further left”) you perform them in the process. Development organizations are continuing to shift left to implement security earlier in the CI/CD pipeline. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, and their purposes in different phases.

Case Study - Spearphishing Compromises Fuel Chain Credit Card Transactions, Ends in Ransomware

Credit card attacks typically target point of sale (PoS) terminals at retail locations such as stores, restaurants and hotels. In the early stages of the COVID-19 pandemic, in-person retail activity greatly diminished, forcing criminals to seek other targets and to virtualize their operations.

ZenGRC Named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion

SAN FRANCISCO – February 4, 2021 – Reciprocity announces today that ZenGRC, the industry-leading information security risk and compliance solution, was named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion by Info-Tech Research Group’s SoftwareReviews. The Champion designation is awarded to the vendors that receive top user scores.