Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

At Nightfall, our mission is to discover and secure sensitive data in every cloud application through a cloud-native, accurate, and performant platform. Since 2019, Nightfall has partnered with some of the world’s most innovative organizations to proactively eliminate data security risks across a fleet of SaaS applications via our native integrations for Slack, Atlassian Jira, Confluence, Google Drive, and GitHub.

Ransomware isn’t just an internal threat for your organization, it’s also a global crime, and data breach notifications are governed by various laws, policies, and agencies. Let’s go over some common cyber-compliance questions about ransomware, data breach notification and reporting, and the laws that cover cybercrime.

Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser features, and plug-ins have changed the landscape of data collection. Marketers have had to develop tools and strategies to ensure they meet compliance as the internet becomes more and more cookieless.

In today’s fast-paced world, mobility, connectivity and data access are essential. As organizations grow and add more workloads, containers, distributed endpoints and different security solutions to protect them, security can quickly become complex. Modern attacks and adversary tradecraft target vulnerable areas to achieve their objectives. Threats can originate at the endpoint to attack the cloud, or cloud-based threats can attack vulnerable endpoints.

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.