Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past several decades, cybercrime has evolved to be more comprehensive, threatening, and damaging. There is an emerging trend of cybercriminals attacking all sorts of individuals and organizations in the industry. The healthcare industry has been a soft target for many years and healthcare data is a prime target for cybercriminals intent on stealing data.

In recent incident response investigations, CrowdStrike Services has observed adversaries use the sts:GetFederationToken API call to create federated sessions from IAM users. In this scenario, the federated session inherits permissions from the base IAM user. Perhaps surprising to many incident responders, the privileges and access of the federated session are not revoked when the base IAM user’s credentials are deactivated.

Small and medium-sized businesses (SMBs) are more frequent targets of cybercrime than larger companies, industry research shows, and the trend is putting enormous financial pressure on small businesses. Some SMBs feel this pressure more strongly than others: CrowdStrike’s data shows sectors including not-for-profit and transportation are more frequently targeted with high- and critical-severity attacks than other industries.

Security teams need to continually bolster their cybersecurity controls and expertise to keep up with the evolving threat landscape. Successful readiness and response to a cybersecurity breach requires the right mix of people, processes and technology. Yet challenges with staffing, technical issues, and budget hamper threat detection and response for too many organizations, creating gaps that threat actors are eager to exploit.

Python is a popular and powerful programming language that is often used for building web applications, data analysis, and automation. One of the key challenges in such projects is ensuring the security of network communication, which can be vulnerable to various threats such as man-in-the-middle attacks and eavesdropping. Fortunately, Python offers a range of libraries for encrypting and securing network communication.

Your digital footprint could make or break critical aspects of your life from getting into college to landing a new job. It’s important to clean up your digital footprint so that it doesn’t negatively impact you. You can clean up your digital footprint by deleting any accounts you don’t use anymore, not sharing personal information on social media and by using a password manager. Read on to learn more about digital footprints and what you can do to keep yours clean.

The difference between good and great software isn’t flashy features: it’s the feeling of using a tool that just works. With this in mind, our team recently decided to press pause, roll up our collective sleeves, and spend some quality time improving the fundamentals of 1Password 8.

As the US Department of Defense’s (DoD’s) Software Modernization Strategy is put into place, agility, cloud adoption, and the software-factory methodology are top of mind. But according to a new study from the Hudson Institute, the DoD’s current approach to software and software updates isn’t fast enough to keep pace with modern warfare.

The Managed Security Services Provider (MSSP) market is poised for exponential growth. Researchers estimate that the global managed security services market will generate revenue of approximately $53.2 billion by the end of 2031, a 264% growth rate for 2021 with a 14.2% compound annual growth rate (CAGR).

Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines. In the prior posts: Now let’s get to know attackers’ other, more discreet interests when creating a malicious package: hiding malicious code, and finally showing how malicious packages can be detected and prevented.