Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike customers tend to stay with CrowdStrike, typically starting with endpoint detection and response (EDR), then expanding to other attack surfaces as they consolidate their cybersecurity with the CrowdStrike Falcon® platform. But what happens when a business that uses and trusts CrowdStrike is forced to adopt Microsoft Defender due to a divestiture? That’s exactly what happened to this CrowdStrike customer, a major American retailer.

Cyberattacks evolve daily, and defenders are forced to adapt at the same rate. Cybersecurity best practices, however, are updated and codified much less frequently. There is broad experimentation in the field, and it takes some time for authoritative working groups to sort out which new practices and controls are practical and consistently effective for a large cross-section of users. Some guidelines and standards are updated every year or two and others much less frequently.

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam. The Aurora Police Department Economic Crimes Unit posted this tweet last week with a warning: Source: Twitter In a statement by Aurora Police Sergeant's Dan Courtenay on how cybercriminals obtain the user data to FOX31, “Now they have Bluetooth, where they can just sit in the parking lot of the gas station and it feeds right onto their laptop,” Courtenay said.

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was used in a zero-click exploitation chain by the NSO Group. Shortly after, on September 11, 2023, Google released an update to fix a buffer overflow vulnerability (CVE-2023-4863) in Google Chrome, which was reported by Apple’s Security Engineering and Architecture (SEAR) and Citizen Lab.

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating. CVE-2023-40044 (CVSS 10) is a deserialization vulnerability that affects the Ad Hoc Transfer module and could allow a threat actor to obtain remote code execution if successfully exploited.

A New World: The Cloud and Statistical Computing For biotechs, statistical computing has traditionally required complex on-premises infrastructure. Configuring servers and storage for data science became cumbersome and fluctuating project needs made scaling a headache. An immediate solution was needed, especially considering the complex needs of biostatisticians and data scientists alike. Enter The Cloud Enter the cloud revolution.

In an era of rapid digital transformation, where remote work, cloud adoption, and IoT proliferation are reshaping the modern enterprise landscape, the need for a robust and flexible network infrastructure has become paramount. Enter secure access service edge, or SASE, a revolutionary approach that seamlessly integrates network and security functions to meet the demands of the modern business environment.

The safest way to send your Social Security number (SSN) is by using a password manager. A password manager is a tool used to keep passwords and other sensitive data secure at all times. A little-known benefit to password managers is that in addition to generating and storing strong passwords, they also aid users in securely sending sensitive information such as Social Security numbers, MFA codes, home deeds, identification cards and more.

Getting compliant can be a time-consuming and tedious process when done manually. That’s why thousands of businesses use Vanta to automate up to 90% of the work needed to comply with security and privacy frameworks. ‍ Why do companies choose Vanta? They’re looking to unlock business growth and expand into new markets or larger accounts, streamline their compliance processes, and strengthen their security posture to earn trust with stakeholders.