Threat modeling is a critical part of building high-performing, secure systems. It is responsible for “analyzing representations of a system to highlight concerns about security and privacy characteristics.”1 Creating an effective threat model involves two main steps: system modeling to map out all existing system components and the relationships between them, and threat elicitation to identify areas in the system that could be vulnerable to a security issue.
Cybercriminals are sneaky. They know that the weakest link in an organization’s cyber defenses is its supply chain. In fact, supply chain attacks are now the avenue of choice for hackers. Consider the facts.
Your best mobile apps might turn into the worst ones if you neglect security during development, because the vulnerabilities that creep in make the apps more prone to attacks. Cybersecurity Ventures predicts that if cybercrime were an independent country, it would become the world's third-largest economy by 2025.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The California Privacy Rights Act (CPRA) was passed in November 2020. It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns.
Software-as-a-service (SaaS) applications have become an integral part of modern enterprise operations. According to a recent report by Gartner, the worldwide public cloud services market is projected to grow to $591.8 billion in 2023, up 20.7% from $490.3 billion in 2022, with SaaS being the largest market segment representing about 33% of the market.
CrossLock is a ransomware group that emerged in April 2023, targeting a large digital certifier company in Brazil. This ransomware was written in Go, which has also been adopted by other ransomware groups, including Hive, due to the cross-platform capabilities offered by the language. CrossLock operates a double-extortion scheme, threatening to leak stolen data on a website hosted on the deep web if the victim does not pay the ransom.
If you have opened this blog post, you are surely seeking an answer to what Code Signing is. Code Signing Certificates are digital certificates used to authenticate the identity and company of the software publisher and to confirm the integrity of the software. Public Key Infrastructure (PKI) technology is used to secure the digital distribution of software. PKI also safeguards other executable files by signing them with a digital signature.
Think of all the different points within your organization that provide access to information. That could be your website, the mobile version of your application, your Slack instance, and so much more. It’s a list that gets very long, very quickly. All of those endpoints, both physical and digital, make up the attack surface of your organization.