Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Handling sensitive data, compliance, and security is always front of mind for payment gateways. Technology is nowadays a double-edged sword. Just as digital advancement has revolutionized global commerce, so too have the tactics that cybercriminals use to defraud merchants and customers. A study by PWC, Global Economic Crime and Fraud Survey 2020, found that 47% of respondent companies experienced some form of fraud, resulting in US$42B of losses.

Amazon Web Services or AWS services has over a million users in around 190 countries and is an ever-growing and widely adopted platform as more and more companies tend to move toward a cloud environment.

At 1Password, we’re committed to providing an industry-leading security platform for both businesses and families. That’s why today, we’re announcing that we’ve increased our top bug bounty reward with Bugcrowd to $1 million. With this investment, we’re further bolstering our ongoing efforts to keep 1Password customers as secure as possible.

As stated in our previous threat advisory STRT-TA02 in regards to destructive software, past historical data suggests that for malicious actors to succeed in long-standing campaigns they must improve and add new ways of making their payloads stealthier, resistant, and damaging. HermeticWiper introduces some unique features, applying destructive actions on compromised hosts.

More and more business-critical applications run on Amazon Web Services. Protecting these mission-critical applications from potential attacks requires moving beyond typical security approaches such as using only a jump box or firewall to control access. This multi-part tutorial will show how DevOps teams can secure their AWS services using a zero-trust, identity-based approach that not only increases security, but improves developer productivity.

SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified.

Ragnar Locker is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from its victims.

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is not vulnerable, guaranteeing that the attack will fail.