Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native environments using API schema validation. By relying on a positive security model, our API Firewall only allows calls that match a predefined API specification while rejecting everything else.

From Uber in 2016 to Okta in 2023 to Sisense in 2024, it’s evident that there’s a pattern behind the tech industry’s most devastating breaches: Data sprawl. Let’s dive into how data sprawl played a part in last week’s Sisense breach, as well as how security teams can be proactive in defending against similar attacks.

This is the final installment of our Microsoft Copilot for Security blog series. Over the past eight weeks, our weekly blog helped various cyber security groups see possible use cases for Microsoft Copilot for Security. This final blog explores how AI and Microsoft Copilot for Security can assist external auditors and consultants in interacting with Microsoft Purview. Azure Policy and Microsoft Purview work together to ensure the proper governance and compliance of data assets.

Developers are responsible for mitigating risk of web applications through secure software development. This requires a culture of secure software development, which can be promoted with tactics that engage developers in the security process.

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies).

Penetration testing, or pen testing for short, is a critical way to protect IT systems and sensitive data from malicious activity proactively. This guide provides a comprehensive overview of how this technique works, business benefits, its types, methodologies, costs, and everything in between.

A malicious code, commonly known as malware is simply a software created to harm computer systems and applications, make changes to networks, and the victim completely unaware. Unlike accidental security flaws and applications’ configuration failures, which are occurring because of irrelevant mistakes like coding mistakes or other mistakes during development activities, deliberate code is purposely designed in order to cause some harm.

Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.

This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. If your organization has computers, and I’m sure it does, then it's likely it has an Endpoint Detection and Response (EDR) solution installed. Since the capabilities of EDR solutions have changed over the years, it’s recommended to re-evaluate the solution’s features periodically to ensure it is up to date.

A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector. In February, a cyber attack on Change Healthcare brought much of the U.S. healthcare system to a halt. The revenue and payment cycle management provider is central to connecting payers, providers and patients within the U.S. healthcare system to ensure payments are made.