Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Information and digital security frameworks like FedRAMP, CMMC, and ISO 27001 are not static documents. They provide a static framework for your business to comply with and achieve, but that framework is only valid for so long. Several different forces are in play to ensure that the stipulations and security measures outlined in these frameworks remain valid over time.

As mobile technology becomes integral to day-to-day life, fraudsters are refining phishing techniques to exploit vulnerabilities in mobile browsing. According to Zimperium’s 2024 zLabs Global Mobile Threat report, 82% of phishing sites specifically targeted mobile devices in 2023. To protect customer data, enterprises need to counter-adapt.

At CornCon 2024, experts debunk myths, explore SaaS vulnerabilities, and highlight how human connections shape the future of cybersecurity innovation.

Cybercriminals have found a new way of leveraging legitimate web services for malicious purposes, this time with the benefit of added automation of campaign actions. Security researchers at CheckPoint have discovered a new phishing campaign that uses Google App Scripts – a scripting platform developed by Google that lets you integrate with and automate tasks across Google products – as the destination in malicious links.

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities. “Trinity ransomware was first seen around May 2024,” the advisory says.

According to Cybersecurity Ventures, more than half of the world’s data will be stored in the cloud by 2025. With this growth comes a new challenge: understanding where your cloud data lives, what it contains, and how to ensure it is properly protected. The mass storage capabilities of the cloud means it’s easy to drop data wherever you want. It’s also easy to forget to clean up that data or set up backups where that data is required.

Think of a port as a virtual gateway that a specific service, process, or application on your computer uses for network communication. Each port is assigned a unique number, allowing different types of traffic to be directed to the appropriate software. For example, your email might use one port, while your web browsing uses another. When combined with an IP address, a port number creates a complete socket address, enabling precise routing of data to and from your computer across the network.

The privileged accounts in your IT environment require special attention because they have elevated access to vital systems and sensitive data. The organization can suffer severe damage if they are misused by their owners or compromised in attacks. In addition, many compliance standards require organizations to maintain tight control over privileged access. Most organizations have hundreds or thousands of accounts with privileged access.

Microsoft is currently investigating a significant issue affecting its Outlook desktop app, with users experiencing a range of problems, including crashes, high memory consumption, and login failures. Initially believed to impact only European users, the issue has now been reported by users globally, signaling a more widespread problem. In addition to the desktop app, some users have experienced similar issues while using Outlook on the web (OWA), making this a pressing matter for Microsoft to address.