Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

What our attack surface study says about top retail applications

Retail and ecommerce web applications are big targets for hackers. Attack surface assessment is important to help build a complete risk profile of web applications and combat opportunistic hackers looking for vulnerabilities to exploit. Here’s how the biggest online retailers fare against the most common application attack vectors

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers.

Looking ahead to infosec's biggest challenges in 2021

The Nightfall blog is a resource for information security professionals to learn more about the challenges we face in the industry. Every week, Nightfall publishes news and insights from the world of cloud security to help you stay current with the cybersecurity world and better prepare for threats before they become serious problems. In January, we hosted two additional infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke.

How to build a malware analysis sandbox with Elastic Security

As a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems.

What the CPRA Means for the CCPA

In the fall of 2020, voters in California approved the California Privacy Rights Act (CPRA). Touted as California Consumer Protection Act (CCPA) 2.0, the CPRA is more an addendum and expansion of CCPA rather than an entirely new law. Think of it as an update that fixes unclear parts of the previous law and adds new systems to better handle the existence of the law itself. As there are a few “breaking changes”, the 2.0 moniker is pretty apt for those in the software world.

How to integrate automated AST tools in your CI/CD pipeline

The benefits of application security (AppSec) tool integration in the continuous integration/continuous delivery (CI/CD) pipeline are greater the earlier (the “further left”) you perform them in the process. Development organizations are continuing to shift left to implement security earlier in the CI/CD pipeline. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, and their purposes in different phases.

Case Study - Spearphishing Compromises Fuel Chain Credit Card Transactions, Ends in Ransomware

Credit card attacks typically target point of sale (PoS) terminals at retail locations such as stores, restaurants and hotels. In the early stages of the COVID-19 pandemic, in-person retail activity greatly diminished, forcing criminals to seek other targets and to virtualize their operations.

ZenGRC Named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion

SAN FRANCISCO – February 4, 2021 – Reciprocity announces today that ZenGRC, the industry-leading information security risk and compliance solution, was named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion by Info-Tech Research Group’s SoftwareReviews. The Champion designation is awarded to the vendors that receive top user scores.

Features to check for in a network scanner for enterprise networks

Network scanners have become an integral part of every IT admin’s first line of defense against security breaches. Using the right network scanner tool to conduct effective network reconnaissance and diagnosis enables you to pinpoint network issues that can escalate to security risks and network mishaps. A typical network scanner would allow you to scan a range of IP addresses sequentially, and display the active devices within that address block.

Card-Not-Present fraud (CNP): Five things retailers can do to protect themselves from CNP attacks

Cybercriminals have been well ahead of the curve when it comes to cybersecurity in the online retail industry. Specifically, criminals have been exploiting changes in purchasing behavior that favor online transactions and adapting their methods to take advantage of the authentication challenges arising when a card is not present (CNP) at the time of the transaction.