Year after year we look at the trends and likely scenarios which will shape the email security landscape. In 2019, radical reorganization of the cryptocurrency market may change the way threat actors make financial demands, while email fraud moves from spoofing identities to using stolen identities, making it more effective and harder to detect.

Sandbox environments are a common feature of many cybersecurity solutions in their fight against advanced malware. Firewalls, endpoint protection, and even next-generation machine learning systems use sandboxes as one of their lines of defense. However, not all sandboxes are created equal.

Today, the healthcare industry has become prone to cyber-attacks, just like in any other sector. One notable fact within all those fields is the similarities in existing as well as emerging threats. At the same time, there is an increasing need for organizations to reassure their customers and regulators that their networks and systems have incorporated adequate security measures. One way of achieving this goal includes complying with various recognized security standards and frameworks.

Companies in highly regulated industries are forced to adopt one or more frameworks in order to meet compliance initiatives. There are over 200 security frameworks, regulations, standards and guidelines to choose from that could impact your business at any given time. In no particular order, below are the top security controls frameworks that are pervasive throughout our security industry along with some unique facts about each framework.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Being a popular tool, I do find it odd that while faults in Zip files have been known for a long time, WinRAR has only just been identified with similar issues. Well, better late than never I suppose.

Deploying an application on Kubernetes can require a number of related deployment artifacts or spec files: Deployment, Service, PVCs, ConfigMaps, Service Account — to name just a few. Managing all of these resources and relating them to deployed apps can be challenging, especially when it comes to tracking changes and updates to the deployed application (actual state) and its original source (authorized or desired state).

Gone are the days when our greatest inklings of insider threats were employees who never wanted to take vacation and did everything to avoid letting others see the financial records they were maintaining. Today, insider threats come in a concerning variety of forms with consequences often exceeding millions of dollars. As time passes, more industries than ever before are feeling the sting of security incidents and breaches stemming from their very own trusted employees and partners.

Given you’re here, you’re likely new to this topic, so please be aware in that fileless malware, fileless malware attack, and fileless attack are different words for the same thing. With that clear, let’s jump in!

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.