Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks are a constant and evolving threat across all sectors with 2023 seeing a resurgence in data breaches and ransomware attacks with popular variants like Clop, LockBit, and ALPHV, among others, terrorizing businesses and exploiting system vulnerabilities. The 2021–2022 financial year saw an increase in cybercrime, with over 76,000 reports made to the Australian Cyber Security Centre (ACSC), with no signs of slowing down.

What makes a good website penetration testing tool? Speed, agility, efficiency, or cost benefits? How about all of them? Hackers use automated tools to scan websites and apps before manually trying to exploit security loopholes. As the first step towards securing assets, you should do the same – only with better resources and before them.

Mobile devices have become critical endpoints for accessing enterprise applications, systems and data. Adversaries know this all too well, as evidenced by the growing numbers of attacks that target mobile devices. Verizon’s 2022 Mobile Security Index found almost half (45%) of enterprises had recently suffered a mobile-related compromise involving devices in the last 12 months — almost double the amount compared to the year prior.

‍Cybersecurity has become crucial for businesses and government entities in today's ever-changing digital landscape. While various frameworks and guidelines are available, the Australian Signals Directorate's "Essential Eight" is an effective and practical approach to strengthening an organization’s security against cyber attacks and threat actors.

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as "onboarding,”—but what about when a working relationship ends?

On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our Security Incident Response Team’s (SIRT) real-time detection and prompt response enabled containment and minimized the impact to Cloudflare systems and data.

The Kroll Detection and Response Maturity Model analyses 1,000+ security programs from organisations around the world to identify their actual maturity, the ROI of mature programs and what security leaders can do to elevate their detection and response capabilities. The report leverages data uncovered in our The State of Cyber Defense 2023: The False-Positive of Trust, which looked at responses from 1,000 global security decision-makers.

AIDS Alabama Incorporated (AAI) serves over 8,000 Alabama residents, assisting them with emotional and medical support where possible. They are a clinic of humanitarian advocates, helping community members with housing and food; AAI is also an outspoken supporter of Black Lives Matter, substance abuse help, and preventative education. Your data may be at risk if you’ve received services or assistance from AAI.

This week, we noticed increased targeting of medical information; surgeries, health centers, and clinics were all made victims by successful hacking plots. The most recent attack involved Chicago’s Cook County Health. Alabama and Virginia also had specialized assaults, resulting in three data breaches across the states. Shadow PC also suffered a breach, which may have put thousands of gamers around the globe at risk.

The integration of cloud-native technologies like Kubernetes with public cloud platforms like Amazon EKS has ushered in a new era of scalable and efficient application deployments. However, this combination brings forth unique security challenges, especially concerning container images. Enter Calico Cloud’s Image Assurance – a comprehensive tool designed to bolster the security of your containerized applications on Amazon EKS.