LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Blog Published: 12/04/2023
Originally published by Sysdig. Written by Miguel Hernández. The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks....
Human Discretion is Great, Right? Not When it’s the Lifeblood of Social Engineering Attacks
Blog Published: 12/04/2023
Originally published by CXO REvolutionaries. Written by Brett James, CTO in Residence, Zscaler. Fight social engineering attacks with zero trust principlesWhen people talk about zero trust, the first thing that comes to mind is the network, the infrastructure, or the architecture of the enterpris...
Mastering Data Flow: Enhancing Security and Compliance in the Cloud
Blog Published: 12/01/2023
Originally published by Dig Security. Written by Sharon Farber. Many organizations face challenges in determining their data’s precise locations and pathways. Without understanding where data flows, an organization cannot ensure that it remains appropriately secure and compliant throughout its li...
What is Cloud Security: 15 Essential Cloud Security Terms
Blog Published: 12/01/2023
Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal effort. A cloud can consist of nearly any computing resources, ranging from processors and memory to networks, storage, a...
Microsoft 365 and Azure AD: Addressing Misconfigurations and Access Risks
Blog Published: 11/30/2023
Originally published by Reco.Written by Gal Nakash. In this blog post, we'll explore a real-world use case involving a SaaS Threat Detection module and its revelation of a common threat within Office 365: disabled users retaining access to sensitive company data. Disabled users can continue to ac...
Telehealth and HIPAA Compliance: What You Need to Know Now
Blog Published: 11/30/2023
Originally published by CyberGuard Compliance. In the early days of the COVID-19 pandemic, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion which announced that the OCR would would be exercising it enforcement discretion to...
How to Modernize Permissioning with the Cross-Cloud Solution Shaping the Future of IDaaS
Blog Published: 11/30/2023
Originally published by Britive. Businesses rely more today than ever before on cloud-based services and multi-cloud infrastructures to power their operations. Managing identity and access across these diverse environments can be challenging, and that’s where Identity as a Service (IDaaS) comes i...
A People-Centric Approach to Patching the Human Firewall
Blog Published: 11/29/2023
Originally published by CXO REvolutionaries.When an attacker scans your environment for entryways, what’s the most promising vulnerability they will discover?Verizon's 2023 Data Breach Investigations Report found that over 74% of breaches required human exploitation to be successful. That means h...
Not Just Code Vulnerabilities: The Overlooked Cause of Software Supply Chain Attacks
Blog Published: 11/29/2023
Originally published by Astrix. According to Gartner: “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.” While the software supply chain has be...
Don’t Fear the Audit—4 Ways to Prepare for SOC 2
Blog Published: 11/28/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. If you’ve made the commitment to achieve a SOC 2 report, you know the outcome will help differentiate your organization as one who takes the security of your customer data seriously. Even if this isn’t your first SOC 2 engagement, th...
How ISO 42001 “AIMS” to Promote Trustworthy AI
Blog Published: 11/28/2023
Originally published by Schellman.The regulation and responsible use of artificial intelligence (AI) has been a hot topic of 2023, prompting the release of NIST’s AI Risk Management Framework to help organizations secure this emerging tech. More standards are on the way that will address the need...
Artificial Intelligence and Cybersecurity
Blog Published: 11/27/2023
Originally published by CyberGuard Compliance.AI has the potential to greatly enhance cybersecurity capabilities, but it also introduces new concerns and challenges. Here are some of the key AI-related cybersecurity concerns:Adversarial Attacks: Malicious actors can use AI to craft sophisticated ...
5 Tips to Defend Against Access Brokers This Holiday Season
Blog Published: 11/27/2023
Originally published by CrowdStrike. Access brokers are decking the halls with advanced social engineering scams and vulnerability exploits to blend in with normal users and make a quick profit by selling credentials and other access methods.The holiday season brings a shift in how people and bus...
Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
Blog Published: 11/22/2023
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Introduction Retrieval augmented generation (RAG) is an effective technique used by AI engineers to develop large language model (LLM) powered applications. However, the lack of security controls in RAG-based LLM ...
Behind the Curtain with a CCZT Developer: Cybersecurity Expert Omoruyi Osagiede
Blog Published: 11/22/2023
The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...
Optimizing Your Security Posture: Harnessing the Cloud Controls Matrix (CCM) for Comprehensive Framework Mapping
Blog Published: 11/22/2023
IntroductionIn today's complex and rapidly evolving cloud security landscape, cloud organizations are under considerable pressure to comply with numerous international, national, and sector-specific standards. Such proliferation of security standards and compliance requirements has been a dauntin...
UPI is an Indian Success Story. Zero Trust Architecture Can Help Ensure It Stays That Way
Blog Published: 11/21/2023
Originally published by CXO REvolutionaries. Written by Sudip Banerjee, CTO in Residence, Zscaler. If you want to make an Indian beam with national pride, you need only mention the country’s Unified Payments Interface (UPI) success. This homegrown interbank digital payments infrastructure has mad...
Kubernetes Security Companies: 10 Considerations for Business Leaders
Blog Published: 11/21/2023
Originally published by Uptycs. Written by Dan Verton. Kubernetes security may not be part of the everyday interactions of non-technical business leaders, but it directly affects their responsibilities and the organization’s overall health. The security risks associated with Kubernetes environmen...
You’ve Tackled Shadow IT - Now It’s Time to Tackle Shadow DevOps
Blog Published: 11/21/2023
Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. For years, companies have been solving Shadow IT - the use of software, hardware, or SaaS services without the knowledge or approval of the IT team. While Shadow IT remains an evolving challenge, IT and Security...
Accelerating Zero Trust Maturity: Strategic Quick Wins
Blog Published: 11/20/2023
Written by Chris Hogan, Vice President, Enterprise Security Architecture and Innovation, Mastercard. In the evolving landscape of cybersecurity, Zero Trust has transformed from a buzzword to become a pivotal framework for modernizing security practices. It’s a structured journey that many organiz...
