Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Whether it’s ransomware, business email compromise (BEC), or phishing attempts, the number of cyber attacks keeps rising year after year. While there’s solid data on the volume, there’s a caveat, which is that organizations don’t want to disclose that they’ve suffered a data breach. According to Arctic Wolf’s “The State of Cybersecurity: 2023 Trends” report, 50% of organizations experienced a breach in the past year — the same odds as flipping a coin.

NorthStar Emergency Medical Services is an ambulance service based in Searcy, Arkansas. The company manages three EMS stations in the surrounding area and helps patients get the emergency help they need rapidly. This service provider takes medical information from patients it serves, and it may have just exposed tens of thousands of its past patients to internet hackers in a recent data breach incident.

Ransomware as a Service (RaaS) has been a growing trend in recent years, enabling anyone with an internet connection to become a hacker. In the past, launching a ransomware attack required a high level of technical expertise, but RaaS has lowered the barrier to entry, making it easier for anyone to launch a ransomware attack. So, how does RaaS work, and what are the implications for businesses and individuals?

A new critical vulnerability impacting Microsoft Outlook (CVE-2023-23397) was recently published by Microsoft. The CVE is particularly concerning as no user involvement is required by the exploit. Once a user receives a malicious calendar invite, the attacker can gain a user’s Active Directory credentials. Microsoft has released a security update that can be found here. Cato Research strongly encourages updating all relevant systems as proof-of-concept exploits have already appeared online.

I’m thrilled to unveil our new identity: Cyberpion is now IONIX, a name that represents our radically different approach to protecting the modern attack surface and its digital supply chain. With IONIX, you’ll discover your organization’s real attack surface, including its sprawling network of asset dependencies – while separating the signal from the noise so your security team gains laser focus on your exploitable risks.

Terraform is the de facto tool if you work with infrastructure as code (IaC). Regardless of the resource provider, it allows your organization to work with all of them simultaneously. One unquestionable aspect is Terraform security, since any configuration error can affect the entire infrastructure. In this article we want to explain the benefits of using Terraform, and provide guidance for using Terraform in a secure way by reference to some security best practices. Let’s get started!

In this episode of SaaSTrana, Venky and Raghu, Co-Founder of Sprinto, discusses why SaaS companies should pay close attention to security measures to become SOC 2 compliant.

The business impact of critical open source vulnerabilities such as Spring4Shell and Log4j illustrate the crucial importance of detecting remediating such vulnerabilities as fast as possible, This is particularly important for the financial technology, which handles vast volumes of sensitive financial data for investors. That was certainly the case for MSCI, who deployed Mend to speedily thwart any potential threats posed by Spring4Shell.

The industrial sector is one of the largest, most diverse and changing segments of the global economy. It is also one of the main targets for cybercriminals. Industrial sites and factories continue to transform and digitize, which means that more and more critical assets and infrastructure are being connected to the Industrial Internet of Things (IIoT). This has raised security concerns about operational technology (OT) in manufacturing, which is increasingly at risk.

Here at 1Password, we’re big fans of two-factor authentication (2FA). It adds an extra layer of protection to your online accounts, making it much harder for attackers to break into them.