Becoming Cyber Resilient—Cybersecurity Trends to Watch in 2023
Blog Published: 03/23/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase from t...
What is FIPS 140 and What Does it Mean to Be “FIPS Compliant”?
Blog Published: 03/23/2023
Originally published by Titaniam. FIPS was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST). It established a data security and computer system standard that businesses must follow in accordance with the Federal Information Security Manageme...
Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
Blog Published: 03/22/2023
Originally published by CrowdStrike. GuLoader is an advanced malware downloader that uses a polymorphic shellcode loader to dodge traditional security solutionsCrowdStrike researchers expose complete GuLoader behavior by mapping all embedded DJB2 hash values for every API used by the malwareNew s...
Too Much Trust in the Cuckoo’s Nest
Blog Published: 03/22/2023
Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers.I didn’t read ...
What Business Leaders Can Learn from Russia's Cyber Offensive Against Ukraine
Blog Published: 03/21/2023
Originally published by Google Cloud. Written by Phil Venables, VP/CISO, Google Cloud. Threat actors are taking tactics from Russia's cyber operations against Ukraine. Businesses and organizations should evaluate their countermeasures accordingly. A new Google report finds the offensive against U...
LummaC2 Stealer: A Potent Threat To Crypto Users
Blog Published: 03/21/2023
Originally published by Cyble. New Stealer Targeting Crypto Wallets and 2FA Extensions of Various BrowsersDuring a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based ...
How to Pen Test the C-Suite for Cybersecurity Readiness
Blog Published: 03/21/2023
Originally published by F5. Written by Gail Coury. F5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team of technical cybe...
An Introduction to Data Detection and Response (DDR)
Blog Published: 03/20/2023
Originally published by Dig Security. Written by Sharon Farber, Director of Product Marketing, Dig Security. How long would it take you to respond to a cloud data breach? For most organizations, the answer is ‘far too long’. According to a 2022 report by IBM, businesses took an average of 207 day...
Analysis on Docker Hub Malicious Images: Attacks Through Public Container Images
Blog Published: 03/20/2023
Originally published by Sysdig. Written by Stefano Chierici. Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is when source code ...
SANS 2022 Cloud Security Survey, Chapter 4: Using IAM to Secure the Cloud
Blog Published: 03/20/2023
Originally published by Gigamon.Editor’s note: This post explores Chapter 4 of the SANS 2022 Cloud Security Survey. Read Chapter 1, Chapter 2, and Chapter 3.In its 2022 Cloud Security Survey, the SANS Institute offers valuable insights into how a representative set of organizations are meeting th...
Doubled-up and Disorganized DLP Strategies Leave Organizations Desiring Simpler Management
Blog Published: 03/17/2023
With the reduction and elimination of many traditional perimeters, the popularization of zero trust security strategies, and an increased attention on data breaches, an even greater focus has been placed on data security in recent years. For many organizations, data loss prevention (DLP) solution...
The DevOps Guide to Applying the Principle of Least Privilege in AWS
Blog Published: 03/17/2023
Originally published by Britive. Applying the principle of least privilege in AWS is vital to securing your DevOps workflows on the platform. Least privilege is a best practice that restricts access rights for users and entities to the minimum necessary to perform their tasks. When you implement ...
Shadow Access in Your Cloud
Blog Published: 03/16/2023
By Venkat Raghavan, Stack IdentityShadow Access is unauthorised, invisible, unsafe and generally over permissioned access that has grown along with cloud identities, apps and data. Today, identities, human and nonhuman are automatically created, along with access pathways to cloud data. Current t...
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
Blog Published: 03/16/2023
Originally published by CrowdStrike. In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining access to mobile carrier networks.In the weeks since that post,...
How CAASM Can Help with the New NYDFS Requirements
Blog Published: 03/16/2023
Originally published by Axonius. Written by Katie Teitler. In 2017, The New York Department of Financial Services (NYDFS) enacted its Cybersecurity Regulation designed to help the financial services entities under its purview improve their cyber defenses. The initial regulation outlined tacti...
How to Prepare for ISO/IEC 27001:2022
Blog Published: 03/15/2023
Originally published by Schellman.When it comes to ISO/IEC 27002:2022 recently, it felt a bit like a game of Red Light, Green Light—you know, the childhood game where everyone runs to the finish line upon Green Light being called, but you had to stop on a dime when you heard “Red Light!” and awai...
Three Ways DSPM Reduces the Risk of Data Breaches
Blog Published: 03/15/2023
Originally published by Sentra. The movement of more and more sensitive data to the cloud is driving a cloud data security gap – the chasm between the security of cloud infrastructure and the security of the data housed within it. This is one of the key drivers of the Data Security Posture Manage...
Nearly One Third of Organizations Are Struggling to Manage Cumbersome Data Loss Prevention (DLP) Environments, Cloud Security Alliance Finds
Press Release Published: 03/15/2023
New DLP survey reveals burden of legacy solution limitations and false positivesSEATTLE – March 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, t...
Why Your SOC Won’t Save You
Blog Published: 03/15/2023
Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO - EMEA, Zscaler. Are SOCs just the emperor’s new clothes?It’s sometimes suggested in this industry that a security operations center (SOC) is a sign of superior cybersecurity and business success. But is that really wisd...
Cloud-Native Development - Security Challenge or Opportunity?
Blog Published: 03/14/2023
Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Modern SDLC - Complex but manageable Cloud-native development and modern DevOps practices enable faster development cycles, high scalability, and smoother maintenance processes, yet, they also introduce ...
