Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Vanta deepens HITRUST partnership with MyCSF integration

As the security expectations of customers grow and the regulatory landscape gets more complex, businesses are recognizing the value of investing in and demonstrating security. As the demand for proving compliance grows, so does the demand for HITRUST, given its reputable assessment process. ‍ Achieving HITRUST certification involves demonstrating compliance with a detailed set of controls designed to manage and mitigate information security risks.

SOC Visibility Triad: R.I.P. or Rebirth?

The SOC Visibility Triad was defined by Dr. Anton Chuvakin at Gartner almost 10 years ago when the cloud was in its early stages. As the shift to highly dynamic, multicloud environments became mainstream over the last few years, some have argued that the “Triad” should be put to rest since it no longer can ensure the visibility needed to maintain effective security across these modern architectures.

How to Prevent and Defend Against Spoofing Attacks

In this age of computers and the internet, cyber risks like spoofing attacks are getting smarter and more harmful. Spoofing is when cybercriminals pretend to be legitimate entities, like companies, people, or websites, in order to trick people into giving up private information or doing malicious activities. Spoofing has big effects, ranging from losing money to having a bad image. Over 90% of phishing attacks happen because of email spoofing alone.

How Bots Exploit Seasonal Bot Traffic to Bypass Defenses

The battle between bots and anti-bot tools is a relentless arms race. Bot operators constantly develop new ways to outsmart defenses, and defenders adapt to counter those tactics. As one side evolves, the other quickly follows suit. This ongoing conflict has grown more intricate over the years. Initially, bots mimicked traits like browsers, IPs, user agents, and mouse and keyboard inputs used by human visitors. These tricks sufficed to bypass primitive defenses.

Become The Master Of Disaster: Disaster Recovery Plan for DevOps

Ensuring business continuity requires more than just robust pipelines and agile practices in DevOps. A well-designed Disaster Recovery Plan is critical to mitigate risks, recover swiftly from failures, and ensure your data and infrastructure integrity. Contents hide 1 Are there any myths related to DR in DevOps?

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like assuming a bouncer can stop someone sneaking in through a side door or an open window.

New Yokai Side-loaded Backdoor Targets Thai Officials

DLL side-loading is a popular technique used by threat actors to execute malicious payloads under the umbrella of a benign, usually legitimate, executable. This allows the threat actor to exploit whitelists in security products that exclude trusted executables from detection. Among others, this technique has been leveraged by APT41 to deploy DUSTTRAP and Daggerfly to deliver Nightdoor backdoor.