Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Each October, Cybersecurity Awareness Month encourages individuals and organizations to prioritize cybersecurity. This initiative has played a vital role in raising awareness about IoT security and promoting responsible IoT device usage. 2023 marks the 20th anniversary of Cybersecurity Awareness Month, and it seems like the perfect time to reflect on the ever-evolving landscape of IoT (Internet of Things) cybersecurity over the past two decades.

DarkGate Loader is a commodity malware loader with multiple features including the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. Its distribution mechanism also makes use of legitimate AutoIt files to inject the malicious payload.

In 2007, a group of healthcare organizations, technology companies, and government agencies—including the American Hospital Association, Blue Cross Blue Shield Association, the Centers for Medicare & Medicaid Services (CMS), McKesson Corporation, and Microsoft—got together to create a unified approach to information security and privacy. The result was the Health Information Trust Alliance’s Common Security Framework (HITRUST CSF).

SQL server attacks are one of the most painful attacks organizations can suffer. An organization’s database is one of its softest spots, with a wide surface area susceptible to attacks. This results in it being an attractive target of attackers. Neglecting your organization’s SQL server security is equivalent to having a bomb ticking in your organization’s IT infrastructure.

Modern enterprise complexity is challenging cybersecurity programs. With the widespread adoption of cloud services and remote work, and the broadening distribution of applications and employees away from traditional corporate locations, organizations require a more flexible and scalable approach to network security. SASE technology can help address these issues, making SASE adoption a goal for many organizations worldwide. But adoption paths can vary widely.

The healthcare industry is progressing towards a more mature cybersecurity posture. However, given it remains a popular attack target, more attention is needed. Results from The Cost of a Data Breach Report 2023 reported that healthcare has had the highest industry cost of breach for 13 consecutive years, to the tune of $10.93M. In 2022, the top 35 global security breaches exposed 1.2 billion records, and 34% of those attacks hit the public sector and healthcare organizations.

This month has been full of new product announcements, including integrations with Microsoft Teams and Notion, as well as various improvements to security team workflows. Read on to learn more about what we’ve been up to this month.

How well do you sleep at night? Odds are you would sleep better if you could wake up to Zero Trust Architecture (ZTA). A true ZTA network makes incident response wake-up calls far less likely by shutting down data breaches, ransomware threats or any kind of unauthorised network access. It would also save your organisation at least £500,000 over a four-year period, making your security efforts much easier to advocate for. That’s the dream anyway.

Researchers at INKY warn that a phishing campaign is attempting to distribute malware by impersonating PepsiCo. “As usual, it all starts with a phishing email,” the researchers write. “In this case, the phishers are impersonating the PepsiCo brand, pretending to be potential clients. They are claiming to need what the recipient sells and they’re asking them to submit a quote for PepsiCo to review.

A HIPAA (Health Insurance Portability and Accountability Act) questionnaire is essential for evaluating third-party vendors for healthcare organizations to ensure they follow HIPAA regulations and standards. As one of the most breached industries, it is vastly important for healthcare organizations to send out comprehensive security questionnaires to properly assess their vendors’ risks and determine a plan of action on how to remediate those risks or potentially end the business partnership.