Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

Sometimes in the comms team here at Netskope I hear fantastic tales that are not yet approved for public consumption. The frustration is very real when I hear of a creative customer implementation that cannot yet be told to the wider world. But today I have contrived a clever way to be able to share one of these stories with a veil of anonymity, ahead of a bigger effort to craft a case study for full public consumption.

Using unique passwords is one of the best practices for securing online accounts, but trying to memorize dozens of passwords across all your applications is nearly impossible. A password manager helps to protect access to online accounts by securely storing credentials. In this article, we discuss the features and benefits of a reliable password manager and how they work.

Digital payment systems are quickly becoming the norm. The speed and convenience of apps like PayPal and Apple Pay have led businesses and consumers to move away from cash, but this efficiency comes at a cost. These digital platforms are also attractive to cybercriminals. Mitigating any vulnerability starts with understanding how threat actors target it. With that in mind, here’s how cybercriminals take advantage of digital payment systems, and what you can do to stay safe.

In the world of security, authentication, and authorization methodologies are foundational aspects of defense. Authentication techniques protect against unlawful entry to systems through the verification of a user, and authorization either grants or denies the verified user’s access level.

Passwords are the most widespread form of authentication on different platforms and systems. Still, companies and users often do not prioritize creating strong passwords and continue to opt for simple and very weak passwords in the eyes of cybercrime professionals.

The SMLS team enables Splunk customers to find obscure and buried threats in large amounts of data through expert analytics. This work is part of a set of machine learning detections built by a specialized team of security-focused data scientists working in concert with Splunk’s threat research teams to help Splunk customers sift through vast amounts of data to identify and alert users of suspicious content.

As web applications become more complex and interconnected, the security of these applications becomes increasingly important. In this article, we will discuss web application security, why it is crucial, and how you can test your web applications for security vulnerabilities. By taking measures to secure your website, you reduce the risk of cyberattacks, protect your data from unauthorized access, and save you and your business time and money.

The Gramm-Leach-Bliley Act (GLBA) applies to many types of financial institutions, like banks, savings and loans, credit unions, insurance companies and securities firms. It requires those organizations to explain their information-sharing practices to their customers and to protect sensitive data. On November 15, 2022, The FTC announced a six-month extension for companies to comply with data security provisions in the GLBA. The new deadline is June 9, 2023.

Patch management is an essential prerequisite for continuous cyber risk mitigation. But it’s not getting any easier. That makes finding the right security partner an essential task for any IT operations leader. But this too is fraught with difficulty in a market saturated with vendors. This is where independent market analysis can be invaluable.