Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Vitality Group, LLC, a business-to-business vendor that provides employee benefit services to GuidePoint Security, experienced a security vulnerability on May 30, 2023 relating to the third-party file transfer program called MOVEit. The zero-day vulnerability became known in established security networks and channels late on May 31, 2023, and was specifically picked up and identified by internal Vitality security personnel on June 1, 2023.

By now you’ve heard about the new cybersecurity rules from the U.S. Securities and Exchange Commission (SEC) requiring public companies to report material cybersecurity incidents and disclose critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

DevSecOps best practices are increasingly being adopted to secure software supply chains. The challenge is finding ways to optimize these processes. Here are seven key considerations to help you adopt a successful and secure DevSecOps methodology.

GhostSec has reported a successful breach of the FANAP Behnama software, which they describe as the “Iran regime’s very own Privacy-invading software”. This breach has resulted in the exposure of approximately 20GB of compromised software. The group alleges that the Iranian government employs the software for citizen surveillance, representing a significant advancement in the nation’s surveillance capabilities.

In today’s hybrid environments, delivering a consistent application experience across clouds, securely, and reliably has become an imperative. The A10 Thunder® Application Delivery Controller (ADC), which comes in multiple form factors, provides the security, performance and availability required for applications in a hybrid cloud infrastructure.

What do you know about how to use Google SIEM? You can read about implementing these managed security services into your company's network protocols.

As the number and severity of cybersecurity attacks rise each year, organizations are compelled to look for measures to protect sensitive data. The abundance of cybersecurity solutions on the market may create confusion and pressure, as choosing the wrong one may lead to security gaps. Many companies turn to data loss prevention (DLP) systems, since they have been on the market for years. But is a DLP system enough to protect your data?

Many API-related breaches do not result from sophisticated attackers or diligent security researchers but stem from improper API design and implementation. Recent incidents at Clubhouse, John Deere, and Experian serve as examples, highlighting the consequences of neglecting basic API security practices. To safeguard against security risks, comprehensive API security testing becomes essential, ensuring APIs align with published specifications and are resilient to malicious inputs and attacks.

TL;DR - The future of finance is intertwined with artificial intelligence (AI), and according to SEC Chair Gary Gensler, it's not all positive. In fact, Gensler warns in a 2020 paper —when he was still at MIT—that AI could be at the heart of the next financial crisis, and regulators might be powerless to prevent it. AI's Black Box Dilemma: AI-powered "black box" trading algorithms are a significant concern.

Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave. “Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors.