Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The White House’s ambitious national cyber strategy— which represents a shift away from decades-old voluntary compliance guidelines to a more aggressive regulatory approach of critical infrastructure firms—couldn’t come at a better time. A recent study found that local governments were the organizations least capable of disrupting ransomware attacks, and that they were also among the ransomware victims to pay ransoms most frequently (43% paid a ransom after an incident).

Point32Health is a health company based in Canton, Massachusetts. This company oversees a variety of different health plans and is responsible for maintaining health care for some key universities. For example, the company manages Tufts Health Plan, Harvard Pilgrim Health, and Integra Partners, to name a few. The business employs more than 1,100 people and generates over $9.4 billion in revenue annually.

Using groups is a best practice for Active Directory management. This article describes the two types of Active Directory groups — security groups and distribution groups — and offers guidance for using them effectively.

Most cybersecurity professionals know that cyber breaches increase each year. So it’s no surprise that the cybersecurity insurance business also keeps growing briskly. According to data from Markets and Markets and Polaris Market Research, the cyber insurance market swelled to $11.9 billion worldwide in 2022, up from $10.1 billion the previous year, and is projected to grow to more than $29 billion by 2027.

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere.

When you’re trying to choose the right application security solution, navigating the options on the market can be bewildering. At Mend.io, we know that software developers and DevOps professionals use multiple tools to identify security issues in different stages of the software delivery life cycle and different code types. And we’re dedicated to making every aspect of AppSec as seamless as possible, which includes making your solution selection as easy as it can be.

Many enterprises in verticals such as power and energy, oil and gas, healthcare, and manufacturing have been playing catch up over the past decade in terms of securing their operational technology (OT) networks against cyberattacks. For years, industrial asset owners didn’t consider their OT environment to be a significant security risk.

Read our guide to learn more about the key issues to be aware of and how The OWASP Top Ten could help to reduce the risk of web application attacks.

With the first full day of RSAC 2023 in the books, we wanted to publish a running diary of some of the key takeaways and themes that we are hearing on the show floor and at the various sessions we’re attending.

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.