Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Without a password manager, it’s difficult for IT administrators to have visibility and control over employee password practices. This gap places organizations at a greater risk of suffering password-related cyber attacks which can lead to a devastating data breach. Keeper Password Manager helps IT teams gain complete visibility and control over employee passwords while providing them with best-in-class security, and enabling better collaboration and productivity between team members.

On April 18th, the United States’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) issued an urgent advisory about Akira ransomware’s recently exhibited malicious behavior (as of February 2024). Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Akira Ransomware.

Employee theft isn’t just a financial issue; it can erode trust and damage company morale. These employee theft statistics highlight the prevalence of workplace theft across key categories including data theft, time theft, fraud and embezzlement, insider threats, and retail theft.

On April 15th, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum disclosed that PuTTY had a vulnerability that can allow an attacker to compromise private keys, then forge signatures, and log into any remote servers on which those keys are used. PuTTY is a free and open-source terminal emulator, serial console and network file transfer application that supports several network protocols, including SCP, SSH, Telnet, rlogin, serial port and raw socket connections.

Security questionnaires represent the cornerstone of most third-party risk management (TPRM) programs. They allow organizations to responsibly appraise a vendor's security posture before they move forward with onboarding and grant the vendor access to internal systems and data. Nevertheless, most security teams feel burdened by time-consuming and lengthy security questionnaires, especially when faced with additional resource and staffing limitations.

Phishing isn’t what it used to be. Older, popular scams — like grammatically incorrect love letters and mysterious princes who just need a little money — have given way to sophisticated and dangerous social engineering attacks. In fact, phishing has become so prevalent and effective that it is one of the three primary ways hackers compromise credentials.

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect against cyber threats, while penetration testing is a specific activity where security teams test system vulnerabilities. At its essence, Offensive Security isn't just about reacting to vulnerabilities; it's about actively hunting down and neutralizing potential threats before they wreak havoc.

Software Composition Analysis (SCA) tools have been around since 2002, and they are now more critical than ever for identifying vulnerabilities in your codebase's libraries, frameworks, and third-party components. According to a Capterra report, 61% of businesses have been affected by a supply chain threat in the last year. If you’re one of the lucky 39%, Capterra suggests it really came down to luck - as nearly all companies use at least one third-party vendor.

In the famous book “Code Complete,” published by Microsoft Press, author Steve McConnel emphasized the importance of writing code for people first and computers second for better code readability. This was in 1993, when cyber attacks were practically non-existent. Fast forward to 2023, we have a greater challenge: writing code for tackling hackers first and users second.  This challenge is compounded by the rise of cybersecurity incidents due to security vulnerabilities in code.

The OWASP Top 10 list is the go-to resource to begin understand application security risk for software developers and information security professionals. Most of us don't know we're harboring vulnerabilities in plain sight. During 2020 and 2021, there were an average of 15 vulnerabilities per site, and two out of these fifteen vulnerabilities were of high severity. ‍To protect against vulnerabilities, you first need to be aware of them. That’s where the OWASP Top 10 list comes in handy.