Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

What is a Zero-day (0-day)?

A zero-day (0-day) is an unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole. In general, zero-day refers to two things: Zero day gets its name from the number of days that a patch has existed for the flaw: zero. Zero-day threats represent significant cybersecurity risk because they are unknown to the party who is responsible for patching the flaw and may already be being exploited.

Which security certification is for you (if any)

It is hard to look at an information security job posting without seeing some certifications desired. Some make sense and others not so much. I have looked at junior helpdesk positions asking for CISSP, and some of the roles at some of the most respected companies do not ask for any certifications. There are some certifications that in having them demands instant respect: OSCP, OSCE, GXPN, and GREM, to name a few.

Protection from malicious Python libraries jeilyfish and python3-dateutil

Two malicious Python libraries, jeilyfish (with a capital i and a lowercase L in the original name) and python3-dateutil, were detected on PyPI (Python Package Index) on December 1st. They were typosquatting similar named legitimate libraries jellyfish (with a double lowercase L) and python-dateutil libraries, a malicious technique aiming to trick developers to use the similar named modified libraries.

What is FISMA (The Federal Information Security Management Act of 2002)?

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.

Waco water bill attack just the latest in a wave of Click2Gov breaches

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details. The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make other financial transactions.

Five Ways to Quickly Uncover Malicious Activity and Protect Your Kubernetes Workloads

Organizations are rapidly moving more and more mission-critical applications to Kubernetes (K8s) and the cloud to reduce costs, achieve faster deployment times, and improve operational efficiencies, but are struggling to achieve a strong security posture because of their inability to apply conventional security practices in the cloud environment. Commitment to cloud security grows, but security safeguards are not keeping up with the increased use of the various cloud platforms.

Replace GxP SFTP/file servers with modern solutions for validated environments

Data is the lifeblood of the life sciences. As therapeutics, medical devices, and diagnostics advance from early-stage development into clinical testing and beyond, the scrutiny of reported data and procedures dramatically increases. Dating back to the 1990s, many pharmaceutical and biotech companies have implemented systems and processes to store, exchange, and analyze regulated data from environments governed by GxP (e.g, clinical trials, manufacturing, toxicology, etc.).

Protecting against the perils of dental patient data breaches

This pattern of data breaches is very concerning for dental practices, which are charged with protecting people’s most sensitive information. What can practices do to protect themselves against this growing problem? There has been a surge in data breaches at companies from virtually every sector during the past few years. Practically every week, the news media reports new breaches that seem to be increasing in scope and severity.