In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.

This month, the Vanta team launched new features to help you: ‍

In the ever-evolving field of information security, curiosity and continuous learning drive innovation. This blog series is tailored for those deeply engaged in experimental projects, leveraging Rust's capabilities to push the boundaries of what's possible. The focus on Rust, after exploring various programming languages, has led to the creation of several cutting-edge projects that are highlighted in this report.

On July 19, 2024, CrowdStrike released configuration updates for its Windows sensor, aiming to enhance security and performance. Unfortunately, this update inadvertently led to widespread downtime, manifesting as Blue Screen of Death (BSOD) on millions of machines worldwide. The BSOD, a critical system error screen, halts all operations, rendering affected systems inoperable until resolved.

We’ve talked a lot on this blog about protecting controlled unclassified information, and we’ve mentioned in places some other kinds of information, like classified and secret information, covered defense information, and other protected information. There’s one thing all of this information has in common: it’s generated by the United States government.

Welcome back to the next blog in our Evolution of Scalping series. During our last blog we covered the landmark case that exposed the power of automated purchasing – Wiseguy Tickets. We detailed their operation and their use of bots, which allowed them to snatch up huge volumes of available tickets for high-demand events.

If your organization runs on Microsoft Active Directory, you rely on one or more domain controllers to keep AD operations going. On the surface, Active Directory seems to run on a peer-to-peer models in which every domain controller (DC) has the authority to create, modify, and delete AD objects. That is because every domain controller holds a writable copy of its domain’s partition, the only exception being read-only DCs.

These days, we use Gmail for everything from customer service to telehealth. Over time, your Gmail account might become a treasure trove of sensitive PII, PCI, PHI, and passwords that hackers can leverage. In fact, as of this year, just under half of all data breaches involve email. So, what can you do to protect your inbox? Enter: email encryption.