Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Maybe you’re considering AICPA SOC 2 certification? Aikido was recently examined to check that our system and the design of our security controls meet the AICPA’s SOC 2 requirements. Because we learned a lot about SOC 2 standards during our audit, we wanted to share some of the insights that we think might be helpful to someone starting the same process. Read our top tips on becoming ISO 27001:2022 compliant.

In the rapidly evolving landscape of technology, the fusion of Artificial Intelligence (AI) and cybersecurity is creating both exciting opportunities and formidable challenges. The recent breakfast briefing on the historic HMS Belfast served as a critical forum for industry leaders to explore these issues in depth.

While both locker and crypto ransomware are types of ransomware, there is one key difference between the two. The main difference between locker and crypto ransomware is that locker ransomware locks an entire device whereas crypto ransomware only encrypts files and data stored on the infected device. Keep reading to learn more about locker and crypto ransomware and how your organization can prevent these and other ransomware attacks.

SAP recently announced the end-of-life for SAP Identity Manager (IDM). This announcement required SAP to establish guidelines for existing customers to transition away from the platform with other products. One Identity is a leading vendor of choice for this migration due to its well-established market presence and robust SAP solutions support. In this two-part blog series, we will shed some light on how One Identity can seamlessly integrate with SAP products, starting with its certified ABAP connector.

In a recent webinar, NeoSystems and Deltek unveiled a strategy to help government contractors, compliance officers, and IT professionals achieve Cybersecurity Maturity Model Certification (CMMC) swiftly and with minimal risk. Here’s a synthesis of the critical points discussed, offering valuable guidance on how to navigate the complexities of CMMC.

Choosing the right software to defend your organization, both in real-time and in retrospect, is one of the most important decisions an organization can make. Security teams need to be able to view activity and affect access quickly, and that becomes more difficult at bigger, complex enterprises. A classical approach to this problem is role-based access control (RBAC), but for many organizations, multitenancy is a better fit.

The Red Team Chronicles is a hacker comic that this month is looking at the endeavors of Jason Haddix and how he and his team got access to a bank via a shred bin using some thrifty techniques.

Today’s cyber threats continue to evolve at pace as adversaries compress the time between initial entry, lateral movement, and breach. At the same time, the rise of generative AI has the potential to lower the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more sophisticated and state of the art.

On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake, in its SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. Following this filing and in the following days, analysts discovered multiple clients of Snowflake have had data posted on the Dark Web for sale.

A website directory, also known as a virtual directory functions similarly to a folder on a local machine, however, it exists on the web server’s file system and provides a structured and secure way to organize website content on an IIS server. Website directories act as logical containers for all the files that make up your website, including HTML pages, images, scripts, music, configuration files, and application binaries. Permissions assigned to directories control access to their contents.