With cyberattacks growing in scale and complexity, it has never been more difficult to figure out where to invest your time and defensive resources. This remains the core challenge of optimizing an effective security organization. A good prioritization approach should be data-driven, and informed by real attacker activity.

Over the years, there have been countless cases of HIPAA (Health Insurance Portability and Accountability Act) violations, which can result in significant financial penalties. Most are directly linked not to accidental employee misconduct or malicious intent but to a lack of understanding of HIPAA standards by healthcare organizations. Most cases involve poor implementation of security controls or lack of risk assessment auditing, to save money and avoid costly auditing.

Red Hat OpenShift is an enterprise Kubernetes container platform. It lets you build Docker images and use them to deploy your applications on a cloud-like environment (even if it’s not really on the cloud, rather a simulated cloud environment). Images built in OpenShift can be easily pushed into JFrog Artifactory – JFrog’s leading universal repository manager.

On December 9, 2021, Apache upended the cybersecurity industry by publishing a zero-day vulnerability (CVE-2021-44228) for its ubiquitous Log4j logging utility. Dubbed Log4Shell, the remote code execution flaw (CVSS score:10) allows an attacker to take control of a connected device and run malicious code, access sensitive data or alter its configuration. Because Logj4 is free and easy-to-use, it’s embedded (often deeply) in Java applications used by IT and OT platforms worldwide.

Recent advancements in machine learning, the latest on Black Proxies, and the DHS Cyber Safety Board’s plan to review Lapsus$ gang’s hacking tactics.