Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On the latest episode of the Security Soapbox podcast, I spoke with Ramy Houssaini, Chief Cyber and Technology Risk Officer at BNP Paribas, about the challenges Chief Information Security Officers (CISOs) face in an increasingly complex digital landscape. Change happens quickly in the cloud, and many organizations are faced with the issue of evolving their security strategy at the same pace. This ends up leaving sensitive apps and data vulnerable to cyberattacks.

It’s been just over a month since cybersecurity conferences returned in a big way with the comeback of RSA Conference after last year’s hiatus. A lot happened between 2020 and 2022 in the world, our lives, and cybersecurity, including the birth of a little no-code security automation start-up named Torq. RSAC 2022 was a great place to catch up on these changes and look forward to emerging trends and security needs.

A San Francisco-based bank recently disclosed the results of a payment fraud investigation that uncovered ATM skimming attempts at the bank’s terminals across the United States. Fraudsters installed ATM skimming devices in several branches and used them to skim customer account information. The bank was understandably concerned that the stolen data would be used to create fake debit cards and attempt cash withdrawals.

On July 12, 2022, Microsoft researchers disclosed a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign used adversary-in-the-middle (AiTM) phishing sites to proxy the authentication process and hijack the victims’ Office 365 session cookies.

In a-near perfect world, you would instantly fix your application every time a relevant CVE was issued. (In a truly perfect world, of course, there would be no security incidents, and hence no CVEs in the first place.) But in the real world, reacting to CVEs requires a careful calculation. You need to assess whether each CVE is serious enough to warrant the rejection of a build and a delay of a release.

In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but today, marketing is a lot more competitive than simply creating a post and hoping it goes viral.

Keeper Security and LastPass are both password managers, but each solution offers unique user features and benefits. While LastPass has been around a bit longer, Keeper’s innovative security technology makes it a top contender for businesses of all sizes, in every industry vertical.

Social engineering is the art of manipulating people, so that they give up confidential information or perform an action you ask them to do. Read and learn first hand how modern phishing works to trick victims into giving up their credentials, bank information or computer access to secretly install malicious software. Adversaries use social engineering tactics because it is often easier and quicker to exploit human nature than to hack their way in.