Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zero Trust has been a concept since 2009 when Forrester first realized that traditional security models operated on the outdated assumption that everything inside an organization’s network should be trusted. 14 years later, the rule of “Never Trust, Always Verify” has never been more important, especially as data breaches continue to make headlines on a seemingly daily basis.

New data shows that even with the majority of organizations experiencing cyber attacks, three hours of security awareness training simply isn’t enough.

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk. The average business experienced around 81 social media attacks each month in Q1 of this year, according to new data from PhishLabs, increasing 12% over Q4, 2022 and 5% over Q1 of 2022.

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims. Phishing attacks only need two things: something to create a sense of urgency and something to establish a sense of credibility.

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell something online, date or rent a vacation home without being scammed. Scams are everywhere! If there is a way to communicate between two parties, some scammer will try to take advantage of it.

Build a developer portal from scratch with Backstage, an open platform. In this tutorial, learn how to create a secure-by-default software catalog for bootstrapping GitHub projects.

After completing an ISO 27001 audit, there may be some critical responses you must undertake based on the recommendation in your audit report. This step-by-step guide will ensure you don’t miss any of the outstanding follow-up tasks that need to be addressed after the audit process is over. Learn how UpGuard simplifies Vendor Risk Management >

This NIST CSF questionnaire template will help you understand the degree of each vendor’s alignment with the high-level function of the NIST CSF framework - Identity, Protect, Detect, Respond, and Recover. Though this assessment only offers a superficial understanding of compliance, it’s sufficient for getting a sense of a prospective vendor’s security posture, especially when coupled with an external attack surface scanning solution.

The Idaho Department of Health and Welfare is a government organization that offers free or low-cost services to Idaho citizens to provide for their health and well-being. This includes things like Medicaid, food programs, and more. The organization is a government agency that manages a huge amount of data for different people.

Healthcare services offered by the government and private agencies took a serious hit this week with breaches against Johns Hopkins, Essen Health Care, Atrium Health at Wake Forest, and the Idaho Department of Health and Welfare. Patients lost a significant amount of both personal and health information in this breach as a result. The Bank of NY Mellon was also a breach victim this week. Read below for the details.