Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Malicious Actors and Medical Data: Where Are We Heading?

Data is the hottest commodity in town, particularly on the dark web. But there’s one type of file that hackers are most interested in: your medical data. Whereas a credit card number or Social Security number can net a criminal $1-$15 depending on the data type, medical records can sell for the equivalent of $60 each (in Bitcoin). What’s more, the theft of these files isn’t uncommon. Despite U.S.

15 Considerations for Cybersecurity Risk Management

Each year brings new cybersecurity threats, data breaches, attack vectors, and previously unknown vulnerabilities. Even with zero-day vulnerabilities like EternalBlue, the approach to dealing with cyber threats is the same: sound risk management framework with a systematic approach to risk assessment and response. Cybersecurity risk management takes the idea of real-world risk management and applies it to cyber risks.

Phishing attacks exploit YouTube redirects to catch the unwary

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users. Researcher Ashley Trans of Cofense highlighted the threat in a blog post describing a recent phishing campaign. In the attack, an unsuspecting user receives an email which purports to come from SharePoint, claiming that a new file has been uploaded to his company’s SharePoint site.

Build your own API client in Node.js

When you interact with a REST API, are you making calls directly or are you using a client from the API provider? Many APIs now provide clients, wrappers, or SDKs. These terms all mean the same thing in this context. What happens if the API you are using doesn't offer a client? Do you even need one? Is there any benefit? In this article, we will explore some of the reasons you may want to build one.

Inherent Risk in the Retail Industry: What You Should Know

The retail industry is undergoing an incredible transformation as emerging technologies, omnichannel shopping, as well as digital and social media, compel organizations to figure out how to operate more efficiently and better accommodate customers. Leaders of companies in the retail industry understand the importance of the digital forces at work in the sector and are looking more closely at the inherent risks these digital forces present.

CASB vs Cloud SIEM for SaaS Security

Today’s businesses spend more money on SaaS tools than on laptops. On average, today’s employees use a minimum of eight different SaaS tools. The security implications of this robust cloud landscape cannot be neglected and we trust you are fully aware of it already. As an IT leader, you are responsible for keeping your company’s cloud infrastructure secure, but with the multitude of cloud apps businesses use on a daily basis, you have less and less control of that security landscape.

What is Role-Based Access Control (RBAC)? Examples, Benefits, and More

Role-based access control (RBAC), also known as role-based security, is an access control method that assigns permissions to end-users based on their role within your organization. RBAC provides fine-grained control, offering a simple, manageable approach to access management that is less error-prone than individually assigning permissions. This can reduce cybersecurity risk, protect sensitive data, and ensures that employees can only access information and perform actions they need to do their jobs.

The Expert's Guide on Tackling the Cybersecurity Skills Gap

The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security professionals since then.

MITRE Releases an Update to The Common Weakness Enumeration (CWE)

MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations, MITRE is also known for another resource: the Common Weakness Enumeration (CWE). The CWE is a community initiative sponsored by the Cybersecurity and Infrastructure Security Agency (CISA).