Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos. “The DarkGate malware family is distinguished by its covert spreading techniques, ability to steal information, evasion strategies, and widespread impact on both individuals and organizations” the researchers explain.

Single sign-on (SSO) used to be enough. It’s not anymore.

You’re confident in your development chops—confident enough to know the apps you’ve built aren’t completely free of security and configuration flaws. You’ve also researched the deep ecosystem of scanning tools available and perhaps got overwhelmed by the sheer volume of choice. What’s the right “portfolio” of open-source app security tools to identify vulnerabilities in your dependencies, Infrastructure as Code (IaC) configurations, containers, and more?

With AI finding adoption throughout all stages of the development process, the SDLC as we know it is becoming a thing of the past. Naturally, this has many implications for the field of software testing. This article will discuss how the SDLC has evolved over time, going into detail on the impact that AI adoption is having on both software development and software testing.

With the alarming number of data breaches and vulnerabilities today, security is now a primary concern for organizations and their customers, but knowing how to efficiently develop and scale secure applications is still a problem. Tackling this challenge requires considering the potential security risks of a new feature or service much earlier in the development cycle, an idea that is foundational to the Secure by Design approach.

Over the past month, the Vanta team launched new product capabilities.

As cybersecurity threats become more sophisticated, organizations have to continually find new solutions to resist bad actors. Enter MITRE D3FEND, a framework designed to complement the MITRE ATT&CK framework by focusing on defensive cybersecurity techniques.

Protecto, a leader in data security and privacy solutions, is excited to announce its latest capabilities designed to protect sensitive enterprise data, such as PII and PHI, and block toxic content, such as insults and threats within Databricks environments. This enhancement is pivotal for organizations relying on Databricks to develop the next generation of Generative AI (Gen AI)applications.

The recent cyberattack on Ascension Medical, Change Healthcare and several UK hospitals is a stark reminder of the vulnerabilities within the healthcare sector. The May 8, 2024, attack disrupted access to Electronic Health Records (EHR) for two weeks across Ascension's 140-hospital system, forced some hospitals to divert ambulances and rely on manual record-keeping, and has led to patient class-action lawsuits regarding potential data exposure.