Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The digital world is a lot like the Old West: lawless criminals are looking to take advantage of any bug, flaw or vulnerability to exploit. To combat the problems from these flaws, many organizations offer bounties to anyone who can find them before cybercriminals. Because bugs can be challenging to spot, bug bounty programs leverage ethical hackers' expertise to spot corporate software's flaws. Some of the largest corporations in the world, including Google, Microsoft, and the U.S.

Data is the most important resource that a company possesses. Any data loss event can be extremely disruptive, with serious consequences including regulatory fines, major revenue loss, and reputational damage. Data encryption is crucial for any organizations that deal with sensitive data including customer and employee information, payment details, company financials, M&A documents, government and defense data, and more.

Once again it’s time for everyone’s favorite announcement: a brand new Teleport release! This release marks version 13 of Teleport and is packed with features, including a UI makeover. Let’s dive in!

The CISO role has evolved in recent years. CISO’s don’t come just from technical and security backgrounds anymore. Each organization has their own distinct vision for how to solve their security needs whether they are customer, regulatory, or industry driven. I started out my career as an external auditor, with the goal of becoming a CFO.

Web applications are vulnerable to several kinds of attacks, but they’re particularly susceptible to code injection attacks. One such attack, the XPath Injection, takes advantage of websites that require user-supplied information to access data stored in XML format. All sites that use a database in XML format might be vulnerable to this attack. XPath is a query syntax that websites can use to search their XML data stores.

Data security is crucial to creating mobile apps, and businesses that create or handle sensitive data must adhere to the Federal Information Processing Standards (FIPS). Data is encrypted before it leaves the mobile device and is decoded in a safe environment thanks to the FIPS 140-2 encryption standard. In this article, we will take a look at the standards and best practices for FIPS 140-2 encryption compliance, covering the fundamentals of ensuring a safe mobile app.

RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions.

We are proud to announce that TrustRadius has recognized KnowBe4 with a 2023 Top Rated Award. With a trScore of 9.0 out of 10 and over 800 verified reviews and ratings, KnowBe4 is recognized by the TrustRadius community as a valuable player in the Security Awareness Training category. Reviewers on TrustRadius gave high marks for KnowBe4’s overall ease of use, the variety of training and phishing content available, and great customer support.

A newly identified criminal organization has been observed running a large number of business email compromise (BEC) scams. Since February 2021, Abnormal Security reports the gang has been responsible for some 350 BEC campaigns against a range of companies. No particular sector is favored, but the scammers favor larger organizations, with more than 100 of the targets being multinational corporations with offices in several countries.

New data shows a resurgence in successful ransomware attacks with organizations in specific industries, countries and revenue bands being the target. While every organization should always operate under the premise that they may be a ransomware target on any given day, it’s always good to see industry trends to paint a picture of where cybercriminals are currently focusing their efforts.