Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Healthcare companies and insurance providers were hard hit this week in a slew of data breaches. Some of the breaches happened long ago, while others are fresh, but either way, it's clear that medical companies are being targeted heavily by hackers. The list of companies includes the Charles George VA Medical Center, ARx Patient Solutions, Advanced Medical Management, and Imagine360 LLC. We also can't skip over the fact that oil giant Shell was hit by a breach as well.

CVE-2023-2868, a vulnerability in the Barracuda ESG was announced on May 23. On June 15th, a report surfaced, attributing the exploitation of this vulnerability to a threat actor group tracked as UNC4841, which analysts believe is conducting espionage on behalf of the Chinese government. SecurityScorecard’s STRIKE Team consulted its datasets to identify possibly affected organizations.

Infrastructure as code (IaC) has changed how we deploy and manage our cloud infrastructure. Instead of having to manually configure servers and networks with a large operations team, we can now define our service architecture through code. IaC allows us to automate infrastructure deployment, scale our entire fleet of servers, document a history of changes to our architecture, and test incremental changes to the network.

Every employee in an organization has access to email, creating a vulnerability that cybercriminals seek to exploit through phishing attacks. There are many different types of phishing attacks that bad actors use to achieve their goals, and it is important to have the right processes and security solutions in place to prevent employees from falling victim.

Emojis are now the widely understood language of our digital world.These tiny icons that add color and life to our messages are designed to enhance online interactions by letting us express emotions and thoughts in an easy way. But hackers are seeing them as an opportunity to infect devices and exploit our personal data.

This year, Amazon Web Services (AWS), a leading cloud services provider, announced a comprehensive security solution called Amazon Security Lake. In this blog post, we will explore what Amazon Security Lake is, how it works, the benefits for organizations, and partners you can leverage alongside it to enhance security analytics and quickly respond to security events. Image source: Amazon.

Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.

Indusface WAS integrates with all major Security Information & Event Management (SIEM) providers that integrate with Amazon S3. With this integration, you can push logs from Indusface WAS into leading SIEM providers like SumoLogic, RSA, Splunk, and McAfee. Given the complexity of modern architectures encompassing multiple security devices and environments, organizations increasingly rely on SIEM solutions.

Today, an intricate web of tools, programs, and individuals collaborates to bring applications to life. This interconnected network, the software supply chain, encompasses the various entities and processes that shape the software development lifecycle (SDLC), including developers, dependencies, network interfaces, and DevOps practices. Given the diverse nature of these components, ensuring the security of each element becomes paramount.

The rapid advancement of technology in over 10-15 years has significantly impacted cybersecurity. With the ever-expanding cyber world, cybercriminals constantly adjust their tactics to exploit new vulnerabilities. As a result, software developers are now facing numerous cybersecurity issues that must be addressed to create a safe and secure cyberspace. In this guide, we are some of the most common cybersecurity challenges that software developers are currently facing.