Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims. Phishing attacks only need two things: something to create a sense of urgency and something to establish a sense of credibility.

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell something online, date or rent a vacation home without being scammed. Scams are everywhere! If there is a way to communicate between two parties, some scammer will try to take advantage of it.

Build a developer portal from scratch with Backstage, an open platform. In this tutorial, learn how to create a secure-by-default software catalog for bootstrapping GitHub projects.

After completing an ISO 27001 audit, there may be some critical responses you must undertake based on the recommendation in your audit report. This step-by-step guide will ensure you don’t miss any of the outstanding follow-up tasks that need to be addressed after the audit process is over. Learn how UpGuard simplifies Vendor Risk Management >

This NIST CSF questionnaire template will help you understand the degree of each vendor’s alignment with the high-level function of the NIST CSF framework - Identity, Protect, Detect, Respond, and Recover. Though this assessment only offers a superficial understanding of compliance, it’s sufficient for getting a sense of a prospective vendor’s security posture, especially when coupled with an external attack surface scanning solution.

The Idaho Department of Health and Welfare is a government organization that offers free or low-cost services to Idaho citizens to provide for their health and well-being. This includes things like Medicaid, food programs, and more. The organization is a government agency that manages a huge amount of data for different people.

Healthcare services offered by the government and private agencies took a serious hit this week with breaches against Johns Hopkins, Essen Health Care, Atrium Health at Wake Forest, and the Idaho Department of Health and Welfare. Patients lost a significant amount of both personal and health information in this breach as a result. The Bank of NY Mellon was also a breach victim this week. Read below for the details.

SIEMs play a crucial role in the modern SOC: They allow you to collect, correlate and analyze log data and alerts for security and compliance. Yet, despite their value, SIEMs have struggled to keep up with today’s logging performance and scalability requirements. Given that adversaries are operating faster than ever, organizations must prioritize the capabilities that help them identify and respond to threats quickly.

Arctic Wolf’s The State of Cybersecurity: 2023 Trends report revealed a painful, yet unsurprising statistic: 68% of organizations identified staffing-related issues as their number one threat to achieving their security objectives. Breaking that down further, 32% of organizations are having difficulty with hiring and retaining staff. The remaining 36% feel their existing security team lacks the necessary expertise.

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.