The public sector consists of organizations owned and operated by the government. It provides services deemed necessary for society’s welfare. Most services offered through the public sector are typically for free or at a reduced cost. The public sector does not include organizations that are voluntary or private.
You’ve probably watched at least one movie or TV show where a hacker sneaks into someone’s house, finds a computer, and then guesses the password on the first try. They then declare, “I’m in!” before downloading reams of sensitive data.
In Part 1 of this four-part blog series examining wiper malware, the CrowdStrike Endpoint Protection Content Research Team introduced the topic of wipers, reviewed their recent history and presented common adversary techniques that leverage wipers to destroy system data. In Part 2, the team dove into third-party drivers and how they may be used to destroy system data.
As all software publishers are concerned about their code integrity and reputation, they select the best code signing certificate provider. Still, some search for the free code signing certificate. Now, you must be thinking, is there anything like a free code sign certificate. And, if it is, then from where you can avail of it. Code Signing Certificate is an integral part of executable files. And mainly, a publisher purchases it from an authorized vendor and provider.
2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 complaints identified as ransomware.
LockBit (a.k.a. ABCD) emerged in September 2019 and became one of the most relevant RaaS (Ransomware-as-a-Service) groups among others like REvil, BlackMatter, Night Sky, Maze, Conti and Netwalker. The group targets many organizations around the world with a double-extortion scheme, where the attackers steal sensitive data and threaten to leak everything if the ransom is not paid.
On September 12, the FBI released a private industry notification entitled “Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities.” The notification underscores how a growing number of vulnerabilities in medical devices and Internet of Medical Things (IoMT) assets can be exploited by threat actors to “impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity.”
Cyber hygiene has become a highly visible topic in all business segments. Creating software and new features happens at a very fast pace — requiring lots of internal processes and operations to keep this up to date. However, it's also very important to be concerned with the fundamentals of information security in order to keep the company's digital assets protected. In this post, we'll discuss in detail the concept of cyber hygiene and some good practices to follow.
As a developer, DevOps engineer, Infrastructure & Operations lead, or similar, you are on the frontlines of application security. You are also on the frontlines of performance, functionality, stability, user experience…the list goes on. Often it seems like security is just one more requirement, one more box to check, one more obstacle between you, your deadline, and what you really care about. But I see it differently.
