Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We know that managing SSL/TLS certificates across hundreds – or even thousands – of Internet-facing assets is often a manual job for most security teams. Certificates that have expired, for example, offer an excellent opportunity for malicious actors to execute a variety of hacks (in some instances, even a MITM attack) and can also put sites at risk of becoming inaccessible. We’re excited to share that automated SSL/TLS certificate assessments are now a part of Surface Monitoring.

Artificial intelligence has arguably overstayed its welcome as a buzzword in the technology realm, leading to debates around the efficacy of the tool and definition of the term for the better part of two decades. But in the world of cybersecurity, businesses are just beginning to reap the benefits of advanced machine learning models that can actually keep up with ever-changing threats from cybercriminals with nothing but time on their hands to break algorithm-based defenses.

On March 29, researchers from two security companies identified an active campaign originating from a modified version of a legitimate, signed application: 3CXDesktopApp, a popular voice and video conferencing software. 3CXDesktopApp is developed by 3CX, a business communications software company. According to its website, 3CX has 600,000 client organizations and 12 million daily users.

It's no surprise that organizations are moving to the cloud to innovate — to meet the growing demands of their customers and digital transformation. Organizations want to build applications that are fast and scalable. They want to make use of the latest cloud-native capabilities like containers, orchestrators, microservices, APIs, and declarative infrastructure. However, this also means security in the cloud cannot be an afterthought.

Security AI usage has surged, and enterprises are reaping the benefits. In its 2022 Cost of a Data Breach Report, IBM found that organizations deploying security AI and automation incurred $3.05 million less on average in breach costs – the biggest cost saver found in the study. According to the study, organizations using security AI and automation detected and contained breaches faster. However, while leveraging AI clearly makes a difference, organizations must implement the right architecture.

There are never enough hours in the day to do everything. I think we all have a to-do list that is at least twice as long as the time available to complete it. To cope, we prioritize what’s “on fire” or what has the most potential to immediately cause damage if it’s not taken care of. Often the things we “should” focus on fall to the wayside as they are outshined by what we must do immediately.

Majestic Care is a nursing home company that has more than 20 locations throughout Indiana. The organization serves elderly patients all over the state and manages a great deal of medical and financial information as a result. That's why it's so upsetting to hear that one of the company's 20 locations was hit by a cyber attack that resulted in the loss of data. If you or one of your loved ones uses the Middletown location, you may have lost important data and could be at risk.

In security, there are always tensions; the balancing act between security, convenience, and functionality. While these three, often competing interests cause many people to become frustrated, there are some simple steps that can ease the security struggle.

When I was younger, you could add a second processor to a computer, but it didn’t double the workload it handled. Natural inefficiencies meant that 1+1 was approximately 1.5 or maybe 1.75 times the workload. Today, multiprocessing and multithreading is so common that even the Windows calculator takes advantage of the benefits. So, when I look at the recent acquisition of Tripwire by Fortra, how do I calculate the result of 1 + 1?

Are you aware of the risks involved in doing business with parties sanctioned by the Office of Financial Assets Control (OFAC)? How does this impact your vendor management? OFAC stands for Office of Foreign Assets Control within the Treasury Department. As part of the U.S. government measure to enforce anti-money laundering/counter terrorism financing regulations, OFAC oversees economic and trade sanctions. These sanctions are against countries, individuals, or outfits engaged in disreputable actions.