Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Trustwave Government Solutions Attains StateRAMP Authorization Status

Trustwave Government Solutions (TGS) has attained authorized status by the State Risk and Authorization Management Program (StateRAMP) for its Government Fusion platform. "State and local agencies rely heavily on their technology partners to strengthen their cybersecurity postures, and we're proud to be able to deliver a solution that meets or exceeds their elevated security requirements," said TGS President Bill Rucker.

Enhancing Vulnerability Management with Threat Intelligence

The shift towards a proactive cybersecurity mindset has been steadily gaining momentum. Industry experts have emphasized the importance of best practices for implementation and the role of security orchestration. By integrating modern threat intelligence solutions into vulnerability management platforms, forward-thinking enterprises can become more proactive in their fight against cyber threats.

AWS Migration Made Secure: How CrowdStrike Protects Your Journey

Organizations are migrating and building on AWS to unlock their potential and remove obstacles to growth and innovation. AWS customers are able to focus on building value for their end customers by removing the burden of data center operations and hardware management costs. Cloud-based architectures improve agility, resilience and scalability while allowing enterprise-scale infrastructure to be deployed globally in minutes.

Another Case for Cyber Resilience: A Large-Scale Extortion Campaign and Best Practices for Data Security in the Cloud

Recently, a widespread cloud extortion operation—affecting 110,000 domains and involving significant financial demands—was uncovered. Unit 42, the cybersecurity research division of Palo Alto Networks, released a report this month detailing how threat actors exploited misconfigured.env files to gain unauthorized access, steal sensitive data, and demand ransoms after deleting cloud assets.

Maturing your AppSec Program with Toby Jackson - Secrets of AppSec Champions Podcast

Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for large enterprise, the conversations will be deep and provide a lot of good takeaway's that you can use almost immediately.

Securing Infrastructure as Code: Best Practices for State Management

IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure moved from the deceptively tidy on-premises data centers out to the cloud.

UK Businesses Face New Cyber-Attacks Every 44 Seconds in Q2 2024

In the second quarter of 2024, UK businesses faced cyber-attacks every 44 seconds, highlighting the persistent nature of cyber threats and the critical need for robust cybersecurity protocols. This frequency of attacks shines the spotlight on the ongoing challenge UK businesses face in protecting their digital assets. It also stresses the importance of implementing comprehensive security measures to protect against increasingly sophisticated and frequent cyber threats.

Automating Intelligence with ThreatQ TDR Orchestrator

ThreatQ TDR Orchestrator serves as a bridge between human expertise and machine precision, optimizing workflows in security operations. By leveraging this dynamic solution, organizations can ensure that the tacit knowledge of security analysts is efficiently captured and combined with automated processes. This integration facilitates a more agile response to threats, as the human element of decision-making is supported by the speed and consistency of automation.

FOG Ransomware Targets Higher Education

In Q2 2024, the Kroll Cyber Threat Intelligence (CTI) Team observed an increase in activity around a new ransomware group named FOG. FOG was initially observed in May 2024, and since then has been heavily targeting higher educational institutions in the U.S. by exploiting compromised VPN credentials. Kroll's review of a recent FOG binary (1.exe) found no exfiltration or persistence mechanisms directly integrated.

NIST's first post-quantum standards

On August 13th, 2024, the US National Institute of Standards and Technology (NIST) published the first three cryptographic standards designed to resist an attack from quantum computers: ML-KEM, ML-DSA, and SLH-DSA. This announcement marks a significant milestone for ensuring that today’s communications remain secure in a future world where large-scale quantum computers are a reality.