Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Late last year, The Canadian Center for Cyber Security published an in-depth threat bulletin declaring it had knowledge of 235 ransomware incidents against Canadian victims from in 2021, with more than half of these victims being critical infrastructure providers. The report also explains that most ransomware events remain unreported to the Center, and—based on past findings—once targeted, ransomware victims are often attacked multiple times.

Vendors are a key part of every business and, therefore, every organization’s security. Yet, one of the biggest challenges for security and third-party risk management teams is tracking down their vendors. It’s no wonder that 65% of organizations don’t know which third parties have access to their most sensitive data. On top of that, vendor risk management teams need to worry about who their vendors’ vendors are – namely their fourth parties.

On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.

CHECK and CREST are two separate accreditations approved for use by the National Cyber Security Centre (NCSC), and the Council of Registered Ethical Security Testers (CREST). CHECK, which is an abbreviation of IT Health Check Service, is an NCSC initiative for protecting government and public sector systems in line with government policy.

Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity?

Proofpoint Essentials MSP services leverage the same enterprise-class security that powers some of the world’s largest and most security-conscious companies for SMBs. This visibility and security give them the protection for their greatest security risk—their people. Small and medium-sized businesses (SMBs) are targeted with the same attacks as large enterprises but they often lack the personnel and financial resources to purchase and operate security solutions aimed at large enterprises.

A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.

The nature of business today is increasingly decentralized. Cloud applications are exploding. Data is everywhere. And a large number of users will continue to work remotely even post-COVID-19. While all of these things increase business agility, they also increase an organization’s attack surface. The concept of Zero Trust is generating a lot of buzz as a panacea for these new risk exposures—and for good reason.

When was the last time you purchased a product that was in a container? If you are a typical consumer, you probably have done so in the last few days. There is an entire industry that focuses on these containers. Consumer Packaged Goods (CPG) is an industry term for merchandise that is used and replaced on a frequent basis.

As Egnyte’s business and customer base grows, we have an engineering responsibility to provide data quickly and at high availability. In this blog I’ll recap one of those efforts—a proof-of-concept API caching project that serves our large folder listing capabilities and has future applications in other Egnyte services.