Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all multi-factor authentication methods can defend against sophisticated attacks. To achieve full zero-trust access, MFA is being replaced by phishing-resistant MFA and the standards that define it.

Digital transformation has reached all sectors, including non-governmental organizations (NGOs). These organizations have now become more dependent on technology to improve their ability to deliver and scale programs, engage with beneficiaries, and ensure an agile response to populations in need. Although this transformation delivers many benefits for NGOs, it has made them a viable and attractive target for cybercriminals.

NextGen Healthcare is an Atlanta-based healthcare services company that helps hospitals and health practices manage health record data electronically. The company was founded in 1973 and manages data for millions of different patients throughout the United States. With so many patients relying on the same service, this company is a huge security vulnerability since it suffered from a major data breach.

Major data breaches seem to be occurring more and more frequently, and we have some huge names on the list of impacted companies this week, including the US Government, Toyota, and Intel. We were also concerned with services in our hospitals and our schools being breached, giving up patient, student, and teacher data in the process through the breach of companies like SchoolDude and NextGen Healthcare.

The CD Foundation and OpenGitOps communities joined forces in Vancouver to create cdCon + GitOpsCon for a conference about the future of DevOps tools and best practices.

USB, hardware, or cryptographic tokens are portable devices that securely store cryptographic keys. These tokens typically connect to a computer or other devices via USB. USB tokens offer a compact and convenient solution for storing and protecting sensitive cryptographic keys, certificates, and other credentials. They are designed to provide strong encryption, tamper-resistant hardware, and secure key storage.

Nowadays, the final product of most Git repositories is a Docker image, that is then used in a Kubernetes deployment. With security being a hot topic now (and for good reasons), it would be scanning the Docker images you create in the CI is vital. In this piece, I’ll use GitHub Actions to build Docker images and then scan them for security vulnerabilities. The Docker image built in the CI is also pushed to GitHub’s Docker registry.

People who don’t have a password manager often struggle with forgetting their passwords and having to reset them when attempting to log in to their online accounts. This is frustrating, time-consuming and leads to a loss in productivity. A password manager enhances your productivity since it remembers passwords for you, aids you in generating strong passwords and autofills your login credentials, saving you time to focus on more important tasks.

In a previous memo, I mentioned the discovery, made by researchers at Kaspersky, of an active campaign carried out by an advanced threat actor since 2021, targeting multiple organizations in the regions of Donetsk, Lugansk, and Crimea. One of the noteworthy aspects of this campaign was undoubtedly the usage of a new backdoor, called PowerMagic, characterized by the exploitation of the popular cloud storage services, Dropbox and OneDrive, as the command and control infrastructure.

If you use Microsoft SharePoint, OneDrive, or Exchange Online to store and share your business content, you may be wondering how to protect it from unauthorized access, data breaches, or compliance violations. That's where Egnyte comes in. As a source-agnostic data governance and collaboration solution, Egnyte integrates with Microsoft Office Online, Office Mobile, and SharePoint Online to provide a seamless user experience and powerful workflows for opening, editing, sharing, and securing files.