Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software supply chain compromises are becoming an increasingly common tactic used by cyber criminals to infiltrate organizations. While the SolarWinds attack 3 years ago was the most infamous, these attacks are increasingly gaining in popularity among cyber attackers. This is because it is often easier to compromise a third-party vendor or supplier than it is to attack the organization directly.

Government offices deal with sensitive information all the time. In fact, they deal with the most sensitive kinds of information—classified information, data assets requiring security clearance, or other kinds of classified material subject to additional government requirements. So how do governments deal with insider threats? The federal government has established some pretty extensive and detailed policies to keep data safe.

Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world.

There’s one thing IT and security professionals can never have enough of: visibility. Now, 1Password Business customers can gain even greater visibility into their security posture with the upgraded Events API.

API2:2019 Broken User Authentication happens when an attacker bypasses an API’s authentication and authorization mechanisms and gains access to sensitive data or functionality that should only be available to authorized users.

Learn about Kubernetes compliance challenges, consequences of non-compliance, and get guidance on maintaining a secure and compliant cloud environment in a dynamic Kubernetes setup. Kubernetes is a leading open-source platform for automating containerized applications’ deployment, scaling, and management. With the growing adoption of cloud, hybrid, and multicloud environments, the topic of Kubernetes compliance has become increasingly pertinent.

As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE attack framework (ATT&CK), a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) cyber attackers use to compromise information systems and steal data.

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a relatively new and privacy-focused cryptocurrency that uses directed acyclic graph (DAG) technology to claim complete anonymity of its transactions. The combination of anonymity and the higher rewards ratio makes it potentially lucrative to cryptojacking groups compared to Monero, which is commonly used cryptocurrency by attackers or groups running miner operations.

The first step in Anti-Money Laundering (AML) due diligence is to Know Your Customer (KYC). A financial institution (FI) promptly implements KYC processes to identify and confirm a new customer’s identification. These procedures enable FIs to evaluate the risk profile of a customer based on that person’s propensity for financial crime. KYC is a procedure that cryptocurrency exchanges are required to follow.