Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identity and access management best practices dictate that an organization provide one digital identity per individual. That identity can be maintained, monitored, and modified as needed while the user works on different projects and in different roles. However, strong IAM requires the use of tools and platforms, in addition to the principle of least privilege, to keep valuable information secure. [Read: 5 Identity and Access Management Best Practices]

SCADA stands for Supervisory Control and Data Acquisition, and although it’s not likely to be the first thing to come to mind when discussing cyber security, it certainly should be. As its name implies, it is a type of software designed to supervise – controlling and monitoring – and collect data and well as analyze data for industrial processes.

The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites, is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license compliance scanning built into your software development lifecycle (SDLC).

Following high profile headlines of critical vulnerabilities affecting Microsoft Exchange servers, as detailed in our previous blog/bulletin[1], proof-of-concept exploits have become publicly available and appear to have been utilized by a financially-motivated threat actor in the seemingly manual deployment of a new ransomware threat dubbed 'Dearcry'.

It’s hard to ignore the GDPR these days, with headline-making fines and regular news updates on the continuing impacts of data protection post-Brexit. Most business will be aware of what they have to do for the GDPR, with increasing numbers actively doing something about it. But there is another privacy regulation that UK businesses must comply with.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Who knew this would happen right?

Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.

On 16th March Netacea sponsored the virtual Cyber Security Digital Summit where, alongside speakers from Blackberry, Thycotic and Disney, Netacea’s Head of Threat Research, Matthew Gracey-McMinn hosted a session for attendees. During the showcase, Matthew explored “Lessons Learned From An Invite Only Bot Group & Developing A MITRE-Style Framework for Bots”.

David Klopp, Managing Director in the Cyber Risk practice of Kroll, recently spoke at the first session of PARIMA’s Confident Response Series 2021. The series aims to fine-tune incident response preparedness and help risk managers understand the latest tactics, techniques and procedures from the most successful cybercriminals, leading to deeper collaboration with business partners and mitigation of technical, legal and reputational risks.

The last 12 months have seen massive upticks in the frequency, sophistication, and intensity of cyberattacks. This comes at a time when business operations have changed drastically with shifts to more cloud resource use in order to increase access, availability, productivity, and profits.