Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it?

When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more that are introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions and potential security risks introducing my organization that need to be analyzed and brought under management.

IBM Security has released its annual Cost of a Data Breach Report, revealing that the global average cost of a data breach reached $4.45 million in 2023. This marks a significant increase of 15% over the past 3 years, making it the highest recorded cost in the history of the report. Notably, detection and escalation costs have seen a substantial rise of 42% during the same period, indicating a shift towards more complex breach investigations.

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

Ransomware impersonates Sophos, FIN8 group uses modified backdoor to deliver BlackCat ransomware, and Chinese espionage actors continue to evolve.

In today’s digital landscape, the need for real-time communication has never been greater. For engineers in IT teams and service desk analysts, the ability to exchange information swiftly and effortlessly can make all the difference in resolving critical issues, brainstorming solutions, and fostering a productive work environment.

Microsoft have renamed its cloud-based identity provider from Azure Active Directory to Microsoft Entra ID. Alongside this announcement, Microsoft also introduced Entra Internet Access and Entra Private Access services, which are currently available for public preview. The purpose of this rebranding effort by the tech giant is to streamline the product names and create a cohesive product family.

The National Student Clearinghouse is a verification tool used by educational establishments around the country to verify students are who they say they are. More than 3,600 colleges rely on the services of the organization founded in 1993. A huge number of students rely on the organization to process their information, and some of that data was taken in a recent breach.

Modern enterprises are fraught with dangers and vulnerabilities that were rare even a decade ago. Cyber threats are becoming more frequent and sophisticated, and even the most secure organizations are falling victim to their attacks. In this landscape, a proactive security stance is crucial. That is where the 3Rs of enterprise security — Rotate, Repave, and Repair — offer your organization a critical advantage.

On June 15, 2023, the residents of Spring Valley, IL woke up to the sobering news that St. Margareth’s Health hospital, one of only a few hospitals in the region, would be closing. The cause of the closure? A devastating cyberattack. After falling prey to cybercriminals, the hospital’s personnel were unable to submit claims to insurers, Medicare or Medicaid for months, which ultimately spelled its financial doom. The St. Margareth’s incident is not an outlier.