Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier, even prior to the digitalization of healthcare records, it was still easier to keep the information secure and private. Records were in the physical form and could be protected in many ways. Now that people can pull up their entire health histories with the press of a few buttons, things are very different. With the information now being stored and processed online, the threat and risk exposures are equally high. So, to address such threats the U.S.

The CrowdStrike 2023 Global Threat Report, among the most trusted and comprehensive research on the modern threat landscape, explores the most significant security events and trends of the previous year, as well as the adversaries driving this activity. The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organizations around the world.

This blog will explain how Falco’s Cloudtrail plugin rules can be aligned with MITRE ATT&CK Framework for Cloud. One important note is that the team at MITRE has developed several different matrices to address the unique risk associated with adversaries in the cloud, in containerized workloads as well as on mobile devices.

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to other connected AWS accounts to spread their reach throughout the organization.

On December 2022, a security researcher from the Outpost24 Ghost Labs team discovered a vulnerability on the ThingsBoard IoT platform, where a normal user’s privileges can be escalated, by doing a simple post with an additional header, and exploiting the associated flaws, to take control over the entire platform and related accounts. Upon reporting of the vulnerability to the vendor, it was quickly resolved.

With growing volumes of personal data being collected, analyzed, shared and stored, there is more expectation than ever on businesses to ensure privacy for their employees, clients and wider supply chain. The digital age has streamlined ways of working, improved the targeting and personalization of services and communications and made detailed information available at the touch of a screen. But personal data is exactly that – personal.

The Election Commission of India issues the Indian Voter ID Card (officially known as the Elector’s Photo Identity Card (EPIC)) to adult Indian citizens who have reached the age of 18. It is primarily used for identity proof of Indian citizens when they cast their votes in local, state, and federal elections held in the nation. It may also be used for identity verification of name, address, and age verification for other needs like getting a SIM card for a phone or applying for a passport.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

If you’ve been following along our journey, you know that LimaCharlie makes it easy and cost effective to get security data from any source, normalized into a single hub with the unique added benefit of running detection, automation, and response rules at wire speed. On top of being able to store all of your data within LimaCharlie, you get granular control and the ability to send data to any external destination.

In today's ever-changing digital world, users of digital risk protection solutions encounter various obstacles. Although the top players in the digital risk protection industry provide powerful solutions that come with an array of features and capabilities, customers must still navigate a complicated and fast-moving environment of potential threats.