Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Here we provide an overview of the ISO 27001 audit process, so companies can embark on it with a clear idea of what it entails, and how they stand to benefit.

These days, we use Gmail for everything from customer service to telehealth. Over time, your Gmail account might become a treasure trove of sensitive PII, PCI, PHI, and passwords that hackers can leverage. In fact, as of this year, just under half of all data breaches involve email. So, what can you do to protect your inbox? Enter: email encryption.

If your organization runs on Microsoft Active Directory, you rely on one or more domain controllers to keep AD operations going. On the surface, Active Directory seems to run on a peer-to-peer models in which every domain controller (DC) has the authority to create, modify, and delete AD objects. That is because every domain controller holds a writable copy of its domain’s partition, the only exception being read-only DCs.

Welcome back to the next blog in our Evolution of Scalping series. During our last blog we covered the landmark case that exposed the power of automated purchasing – Wiseguy Tickets. We detailed their operation and their use of bots, which allowed them to snatch up huge volumes of available tickets for high-demand events.

We’ve talked a lot on this blog about protecting controlled unclassified information, and we’ve mentioned in places some other kinds of information, like classified and secret information, covered defense information, and other protected information. There’s one thing all of this information has in common: it’s generated by the United States government.

On July 19, 2024, CrowdStrike released configuration updates for its Windows sensor, aiming to enhance security and performance. Unfortunately, this update inadvertently led to widespread downtime, manifesting as Blue Screen of Death (BSOD) on millions of machines worldwide. The BSOD, a critical system error screen, halts all operations, rendering affected systems inoperable until resolved.

In the ever-evolving field of information security, curiosity and continuous learning drive innovation. This blog series is tailored for those deeply engaged in experimental projects, leveraging Rust's capabilities to push the boundaries of what's possible. The focus on Rust, after exploring various programming languages, has led to the creation of several cutting-edge projects that are highlighted in this report.

This month, the Vanta team launched new features to help you: ‍

In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.

The Security of Critical Infrastructure (SOCI) Act in Australia mandates that organizations operating within critical infrastructure sectors implement robust cybersecurity measures to protect against an increasingly diverse and sophisticated range of cyber threats. These sectors, which include energy, water, communications, healthcare, transport, and other essential services, are vital to national security, public safety, and economic stability.