Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Five worthy reads: Cyberattacks in the banking industry

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore cyberattacks in the banking industry. Gone are the days when paychecks were rolled out in envelopes on payday. We’ve evolved from juggling between counters to deposit a check to managing everything through a single mobile banking application. Indeed, modern banking saves us time and encourages self-service.

Business impersonation: is your KYB strategy up to the challenge?

A webinar recap with Bolt and About Fraud. Jeff Sakasegawa is Persona's trust & safety architect. Prior to Persona, Jeff worked in fraud and compliance operations at Square, Facebook, and Google. Jeff Sakasegawa is Persona's trust & safety architect. Prior to Persona, Jeff worked in fraud and compliance operations at Square, Facebook, and Google.

SaaS Security Posture Management/SSPM: A Must-Have for Securing Your SaaS Applications

As more companies adopt Software-as-a-Service (SaaS) apps, keeping these cloud-based systems secure has become crucial. While SaaS offers convenience, scalability, and flexibility, it also introduces significant security risks. Organizations must actively monitor and control the security of their SaaS environments. SaaS Security Posture Management / SSPM is becoming an essential tool for this task.

When Is ISO 27001 Considered Mandatory? 5 Examples

ISO 27001 is the international standard for information security and protection. It’s roughly equivalent to similar infosec frameworks in the United States, like FedRAMP and CMMC, but the international development, maintenance, and scope of the ISO framework makes it much more commonly seen outside of US Government contracting. In the US, it’s clear that a security framework mandated by the government is required when working as a contractor for the government. What about ISO 27001?

What is NIST 800-53?

Imagine compliance is like a driving application. You know your location and you plug in the destination address, then it shows you the route’s overview. If you want a more specific map, you can zoom in a bit and get more details. Similarly, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and it’s most recent revision provide the overview roadmap for your compliance journey.

The Three Different Types of Hackers

There are three general categories that hackers fall into: white hat hackers, black hat hackers and gray hat hackers. Each type of hacker has different motivations behind their hacking activities. Learn more about the different types of hackers and how to prevent malicious hackers from compromising your online accounts.

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.

Monitor Slack audit logs with Datadog Cloud SIEM

Millions of enterprise users rely on Slack every day as their primary tool for instant communications and information sharing. Because of its central role in operations, Slack inevitably handles sensitive data and critical business information—which also makes it a high-value target for attackers. For this reason, it’s critically important for security teams to detect and respond to security threats against Slack.