Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Understanding ransomware attacks is the first step in being able to prevent them from successfully targeting an organization. To prevent ransomware attacks, organizations must have strong security protocols in place such as performing regular system backups and training employees to avoid social engineering scams, among other measures. Continue reading to learn more about ransomware attacks and what organizations can do to stay protected against this type of attack.

Open source libraries have become an indispensable part of modern applications. Approximately 90 percent of organizations use open source software to support their services, but monitoring these dependencies can be difficult when environments run thousands of ephemeral services.

We’re thrilled to announce that we’ve delivered more than 50 new system integrations over the past quarter, taking us to a total of 110 integrations. This is far ahead of any other automated compliance solution in the market, reflecting our innovation velocity and long-term commitment to ensuring customer value and success with Vanta.

DevOps Midwest 2023 brought together experts in scale, availability, and security best practices. Read some of the highlights from this DevSecOps-focused event.

Most hunting enthusiasts agree that the thrill of hunting lies in the chase. Equipped with experience and tools of their trade, hunters skillfully search for signs of prey — a broken twig, a track in the mud. CrowdStrike® Falcon OverWatch™ threat hunters are no different. They search for signs of their prey — of adversaries lurking in the dark — and these signs are called hunting leads.

This month, the NCSC and its Cyber Essentials delivery partner IASME will update the technical requirements for the 2023 Cyber Essentials scheme. These changes come as part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. Changes come into play on 24th April 2023, and as stated on their website, these modifications will cover a variety of key areas.

A new malicious package has been detected on the Node Package Manager (npm) repository that poses a significant threat to users who may unknowingly install it. Named ‘Vibranced,’ the package has been carefully crafted to mimic the popular ‘colors’ package, which has over 20 million weekly downloads.

Remote or hybrid work have become the de facto standard for many companies, post-pandemic, as more employees demand more flexible workplace policies. Therefore, organizations looking to support hybrid work will require a long-term strategy that ensures their infrastructure is equipped to securely facilitate this new flexible work environment.

In last week’s discussion around readiness and resilience, I introduced the concept of what it means to have “threat-informed” cybersecurity. This week, I want to show you what that looks like in the real world – how it should drive you to challenge more assumptions, reduce your attack surface, and game out real-world scenarios.

The Office of the Comptroller of the Currency (OCC) has outlined its third-party risk management requirements for United States national banks and federal savings associations in the OCC Bulletin 2013-29. These risk management standards don't only apply to third-party vendor relationships; the OCC expects all banks to follow best third-party risk management practices, whether activities occur internally or through service providers.