Q4 2023 presented a complex security landscape with a mix of both positive and negative trends On the one hand, activity associated with larger ransomware-as-a-service (RaaS) operations, such as LOCKBIT and BLACKCAT, declined due to the success of major takedown operations. However, negative patterns also continued, like the ongoing focus of threat actors on the professional services industry.

Read our highlights from SCaLE 21x, where the community focused on all things open source, not just Linux, with over 270 sessions on DevOps, cloud tech, and security.

GitHub Actions and the GitHub GraphQL API are powerful tools for automating and optimizing workflows. GitHub Actions, released in 2018 brings CI/CD directly into the GitHub ecosystem and automates general project management using YAML files. Whereas, a 2-year earlier-released GraphQL API provides a more efficient way to fetch and manipulate data.

In today's digital landscape, where cyber threats are ever-evolving and data breaches can have devastating consequences, zero-trust security has emerged as a robust approach to protect organizations and their critical systems. At its core, zero-trust challenges the traditional notion of inherent trust within network boundaries, advocating for a holistic security posture that treats every entity as a potential threat until proven trustworthy.

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table, and working collaboratively to address challenges.

All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess.

The growing inter-connectedness of digital systems, combined with the alarming ingenuity of financial criminals, has led to a convergence between payment fraud, cybercrime, and AML. As financial transactions increasingly occur online and real-time payments have expanded to over seventy countries, cybercriminals are exploiting these trends by developing sophisticated schemes to target vulnerabilities in digital payment systems.

Managing configurations in a complex environment can be like playing a game of digital Jenga. Turning off one port to protect an application can undermine the service of a connected device. Writing an overly conservative firewall configuration can prevent remote workforce members from accessing an application that’s critical to getting their work done.

As the primary financial services regulator of the Cayman Islands, the Cayman Islands Monetary Authority (CIMA) is responsible for managing and protecting the assets of all Cayman Islands banks, which includes its cybersecurity and risk management strategies. CIMA does this mainly through the Rule and Statement of Guidance – Cybersecurity for Regulated Entities, which establishes regulatory laws and guidelines to safeguard the security posture of its regulated entities.

Keeper Security is excited to announce that it now supports passkeys for mobile platforms on iOS and Android. This update extends passkey management functionality in the Keeper Vault beyond the Keeper browser extension support for Chrome, Firefox, Edge, Brave and Safari announced in June 2023. Passkeys have seen rapid adoption since their introduction in 2022 and Keeper is proud to enable their use across devices, bringing users a more secure and streamlined authentication experience.