Yet another company has been found lacking when it comes to securing its consumers’ data. Utah-based InfoTrax Systems provides back-end services to multi-level marketing companies (MLMs) such as dōTERRA, ZanGo, and LifeVantage, providing website portals where individuals can register as a distributor, sign-up new distributors, and place orders for themselves and end consumers.
Vendor risk management is the practice of governing third-party access to company data. This is a critical aspect of an organization since vendors view your business information when providing their services. For some, this can turn into a severe vulnerability that can lead to data breaches. In fact, in the past five years, vendors like Home Depot and Target were responsible for those incidents, as reported by Forbes.
I really enjoy Shira Rubinoff's videos, and captured one of them in case you prefer reading to watching videos. Please find snippets of this commentary in the AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.
It’s not easy for an organization to implement the International Organization for Standardization (ISO) 9001 and obtain an ISO certification for the standard. But just because you’ve achieved ISO 9001:2015 (the latest version) certification, doesn’t mean your work is done. That’s because your company has to be continually audited to ensure it still meets the requirements of the ISO 9001 standard.
Google Cloud Run is a serverless compute platform that automatically scales your stateless containers. In this post we are going to showcase how to secure the entire lifecycle of your Cloud Run services. Sysdig provides a secure DevOps workflow for Cloud Run Platforms that embeds security, maximizes availability and validates compliance across the serverless lifecycle. Sysdig Secure Devops Platform is open by design, with the scale, performance and usability enterprises demand.
Data security is the process of protecting sensitive data from unauthorized access and corruption throughout its lifecycle. Data security employs a range of techniques and technologies including data encryption, tokenization, two-factor authentication, key management, access control, physical security, logical controls and organizational standards to limit unauthorized access and maintain data privacy.
If you work in IT – and even if you don’t – you’re probably aware of the huge shortage of cybersecurity professionals. Most companies are desperate for analysts trained to protect their valuable data from theft. On the surface, then, the future of the job market for cybersecurity seems bright. Look a little deeper, though, and you’ll see that this headline hides a lot of complexity.
Threat hunting practices are gaining much more importance as hackers and cyber threats focus on improving their stealth. As a result, it is essential for organizations to take on a proactive stance on threat hunting. Continue reading to learn how you can manage that. What is threat hunting? Threat hunting is one of the fundamental cyber security practices. It aims to detect stealthy attacks and threats that go undetected by the traditional security measures.
Researchers have detected a new ransomware family they’re calling “PureLocker” which attackers are using to target enterprises’ production servers. Intezer detected a sample of the ransomware masquerading as the Crypto++ C++ cryptography library. In their analysis of the sample, they noticed something unusual when they saw that alleged library contained functions related to music playback.
How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch for an EOL operating system like it did in response to BlueKeep, what does it tell you?
