Governance, risk, and compliance (GRC) management presents some unique challenges for organizations that deploy a myriad of cloud resources, services, and accounts. Simple misconfigurations in any of these assets can lead to a serious data breach, and compliance issues become even more prevalent as organizations try to inventory and manage assets across multiple cloud platforms and security and auditing tools.
Data protection, once a marginalized subsection of the cybersecurity industry, has increasingly become a major concern, especially for companies deploying cloud-based applications. GDPR, CCPA, PIPEDA - the list goes on, but they all have one thing in common: a focus by regulators worldwide on addressing the issues presented by the use of digital big data.
Leading a cybersecurity program across multiple subsidiaries, geographies, or regulatory jurisdictions is incredibly complex. In the second installment of our 'What's On Your Security Roadmap for 2022' series, the Chief Information Security Officer (CISO) of a global provider of data, technology, and market infrastructure shares why automation, hiring, and cloud tooling are his top priorities to help his team stay ahead of cyber threats.
It’s been more than two years since the first stories of COVID-19 hit the news, and so much about how we live and work has changed during that time. The global pandemic affected every area of business in economies the world over, resulting in financial losses and closures, especially for small enterprises and start-ups.
In a fiercely competitive industry, user experience (UX) is one area where retailers can differentiate themselves and win customer loyalty. UX design is a means of reducing friction between users and what they want to do (or more accurately, what the business wants them to do). UX is thus vital to influencing metrics like conversion rate, time on site, page views and basket size.
On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead to full system takeover without authentication or user interaction. The ICM component is present in most SAP products and is an important component in SAP NetWeaver application servers.
Recently, we have seen several malware campaigns attacking Ukrainian organizations — Operation Bleeding Bear is a recent one of note. Elastic Security researchers recently verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.
This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.
Cornwall Council is warning residents about a new scam that is making the rounds via text message. Fraudsters are sending scam messages that appear to be from Cornwall Council, telling people that they need to isolate themselves due to being in contact with those with COVID-19. They are being asked to click on a link for more information and to book a test. The text is being sent from mobile phone numbers, so it’s important to be wary of any links you receive from unknown senders.
Given that active cyber warfare has broken out alongside Russia’s active invasion of Ukraine - from Russian wiper malware to Anonymous hacking Russian state TV - CISA’s recent “Shields Up” memo is a timely insight into some of the TTPs defenders of critical infrastructure should be keeping an eye out for. Let’s break down the four key areas outlined in the memo and examine ways they can be detected with network data.