Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Medical data privacy and patient data security are paramount in today’s digital age. The rapid advancement of AI and big data has revolutionized healthcare and introduced significant challenges in protecting sensitive health information. De-identification, the process of removing personally identifiable information (PHI) from medical records, is crucial for balancing patient privacy with the need for research and innovation.

Cyber insurance, also referred to as cyber liability insurance, is a specialized insurance product designed to help businesses mitigate financial losses resulting from cyber threats. In today’s digital landscape, cyber risks such as ransomware attacks, malware infections, and data breaches can lead to severe financial and operational damage.

Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. During the pre-holiday season, cybercriminals ramped up their efforts to target e-commerce websites, aiming to steal cardholder and personal information. These attacks, collectively known as Magecart, have been active since 2015, named after the Magento e-commerce platform with "cart" referencing shopping carts — their initial primary targets.

IP forwarding in Linux is a feature that allows a system to route packets between network interfaces, effectively functioning as a router. While this capability is essential for specific network setups, it poses security risks if enabled unnecessarily. Disabling IP forwarding is a critical step in server hardening, particularly for systems not intended to perform routing tasks.

Insider threats continue to evolve at an unprecedented pace, presenting organizations with increasingly complex security challenges. By examining findings from IBM’s Cost of a Data Breach Report 2024, Ponemon Institute’s 2023 Cost of Insider Risks Global Report, and Cybersecurity Insiders’ 2024 Insider Threat Report, we can paint a comprehensive picture of current insider threat trends and their implications.

Just as a $5,000 gaming PC won’t make someone a better gamer if they haven’t mastered the basic controls, a sophisticated security solution won’t protect an organization that hasn’t implemented fundamental security practices.

Ask Our Expert VMware vSphere Kubernetes Service (VKS), formerly known as Tanzu Kubernetes Grid (TKG) Service, has emerged as a popular platform for enterprises deploying containerized workloads, particularly those that rely on vSphere Kubernetes release (VKr), previously referred to as Tanzu Kubernetes release, for their cloud-native infrastructure.

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor. Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets’ email addresses. The scammer then used this distribution list to send payment requests via PayPal’s web portal.

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions. The stolen data is immediately sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.

In the rapidly evolving landscape of artificial intelligence (AI), the development of AI Agents has become a focal point for enterprises… nearly all of them. According to recent IBM research, 99% of respondents are exploring or actively developing AI agents. This surge in interest also serves to underscore the necessity for secure AI agent development.