Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24.

Encryption is a technique employed for keeping sensitive and private information safe, such as passwords, identity information, credit card details. In this article, we will explain what encryption is in detail. As a member of the society in the 21st century, you must have accounts on some online platforms or done online shopping at least once in your life. Have you ever wondered how your sensitive information like credit card details, passwords and such are kept safe in such platforms?

Data is the hottest commodity in town, particularly on the dark web. But there’s one type of file that hackers are most interested in: your medical data. Whereas a credit card number or Social Security number can net a criminal $1-$15 depending on the data type, medical records can sell for the equivalent of $60 each (in Bitcoin). What’s more, the theft of these files isn’t uncommon. Despite U.S.

Each year brings new cybersecurity threats, data breaches, attack vectors, and previously unknown vulnerabilities. Even with zero-day vulnerabilities like EternalBlue, the approach to dealing with cyber threats is the same: sound risk management framework with a systematic approach to risk assessment and response. Cybersecurity risk management takes the idea of real-world risk management and applies it to cyber risks.

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users. Researcher Ashley Trans of Cofense highlighted the threat in a blog post describing a recent phishing campaign. In the attack, an unsuspecting user receives an email which purports to come from SharePoint, claiming that a new file has been uploaded to his company’s SharePoint site.

Today’s businesses spend more money on SaaS tools than on laptops. On average, today’s employees use a minimum of eight different SaaS tools. The security implications of this robust cloud landscape cannot be neglected and we trust you are fully aware of it already. As an IT leader, you are responsible for keeping your company’s cloud infrastructure secure, but with the multitude of cloud apps businesses use on a daily basis, you have less and less control of that security landscape.

Role-based access control (RBAC), also known as role-based security, is an access control method that assigns permissions to end-users based on their role within your organization. RBAC provides fine-grained control, offering a simple, manageable approach to access management that is less error-prone than individually assigning permissions. This can reduce cybersecurity risk, protect sensitive data, and ensures that employees can only access information and perform actions they need to do their jobs.

The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security professionals since then.

MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations, MITRE is also known for another resource: the Common Weakness Enumeration (CWE). The CWE is a community initiative sponsored by the Cybersecurity and Infrastructure Security Agency (CISA).

With the release of Elastic Security 7.6, we've announced our creation of a modern detection engine that provides SOC teams with a unified SIEM rule experience through Elastic SIEM detections. The detection engine draws from a purpose-built set of Elasticsearch analytics engines and runs on a new distributed execution platform in Kibana.