Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

A Typo Shouldn't Impact Your Company's Future

With all the email, documents, Slack messages, and other artifacts that come through my purview each day, I think the language gods will forgive me for a few typos. But I would hate to think that a keystroke error could result in an irrecoverable breach of my company’s most private data. Seems a bit dramatic, no? According to a recent Forbes article, Dropbox users face this very issue when sharing sensitive data.

Part Two: The Current State of Bot Attacks

We recently carried out a survey of 200 UK enterprises across e-Commerce, financial services, entertainment and travel. Amongst our objectives, we wanted to discover the state of bot attacks in the surveyed industries. We now know that many businesses use some sort of bot mitigation, and the few that don’t are in the process of doing so. In part 2 of our blog series, we find out which bot attacks represent the greatest risk to businesses.

ISO 27001 Firewall Security Audit Checklist

Because of additional regulations and standards pertaining to information security, including Payment Card Industry Data Security Standard (PCI-DSS), the General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA) and ISO 27001, organizations are putting more emphasis on compliance as well as the auditing of their cybersecurity policies and cybersecurity controls.

IoT security explained

The Internet of Things (IoT) is a term used to describe a system of interconnected computing devices that use the internet to send and receive data without requiring human to computer or human to human coordination. The world of IoT encompasses a wide variety of technologies, vendors, and connectivity methods. While cameras, smart kitchen appliances and smart locks often come to mind, IoT devices are prevalent in all industries.

Amazon scammers are becoming oddly specific

A friend contacted me the other day about a scam call purporting to come from Amazon’s customer support department. She wasn’t home at the time, so the scammer left a message stating that a charge of $749 appeared on her account. Of course, she didn’t actually order anything for that price, and, although she suspected it was a scam, something about it caught her attention, so she called the phone number displayed on her caller I.D.

Blogspot Serves as a COVID-19 Scamming Hotspot

Attackers were quick to exploit the COVID-19 pandemic, with coronavirus-themed phishing campaigns, Trojans delivering ransomware and backdoors, and other scams. Netskope Threat Labs have been keeping a close eye on the threat landscape and tracking COVID-related campaigns throughout this unprecedented time.

One Veracoder's Tips for Setting Up a Successful Security Champions Program

My name is Seb and I’m an application security (AppSec) engineer, part of the Application Security Consultant (ASC) team here at Veracode. My role is to help remediate flaws at scale and at pace, and to help you get the most out of the Veracode toolset. With a background as an engineering lead, I’ve run AppSec initiatives for government and global retailers. I’ve found that successful AppSec is all about people.

ExpertOps Federal: Managed Services in a FedRAMP Certified Cloud Has Arrived

According to its own website, FedRAMP serves three different of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that provide monetary savings for your agency.

Security Policy Self-Service for Developers and DevOps Teams

In today’s economy, digital assets (applications, data, and processes) determine business success. Cloud-native applications are designed to iterate rapidly, creating rapid time-to-value for businesses. Organizations that are able to rapidly build and deploy their applications have significant competitive advantage.