Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper response actions. ALPHV is a big enough problem that Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health and Human Services (HHS) all are getting together to put healthcare organizations on notice.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Welcome to our latest blog post where we delve into the intricacies of the Payment Card Industry Data Security Standard (PCI DSS) Requirement 12. This requirement, which focuses on maintaining an Information Security Policy, is a cornerstone of the PCI DSS framework. It outlines the need for comprehensive policies and programs that govern and provide direction for the protection of an entity’s information assets.

ConMon: FedRAMP Continuous Monitoring and How It Works Obtaining a software approval with the federal government and its agencies as a contractor and obtaining an Authority to Operate (ATO) is not a one-time process. We’re not just referring to the need to recertify annually and pass occasional audits. We’re talking about an additional part of the process, the final part of the NIST Risk Management Framework: Monitoring.

What is OSCAL and Why Does It Matter for NIST and FedRAMP? Complying with federal cybersecurity guidelines is a difficult task. Unfortunately, many contractors and cloud service providers take a rather lax view of compliance, and it’s an all-too-common scenario for a company to build up standards and practices for audit time and let them slip immediately thereafter until the lead-up to the next audit. Part of this is simply the immense complexity of cybersecurity.

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data.

Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels of servers, routers, and other hardware. However, most people don’t notice that the lights are usually green or some shade of blue. Rarely are those lights yellow or red, signaling a problem.

Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode's State of Software Security 2024 Report. Let’s delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more.

In a significant move to address the complexities of regulating artificial intelligence (AI), Speaker Mike Johnson (R-La.) and Minority Leader Hakeem Jeffries (D-N.Y.) declared the formation of a bipartisan task force dedicated to exploring AI innovation and devising safeguards against potential threats. This initiative comes as lawmakers grapple with the rapid evolution of AI technology and its implications for various sectors.

Denial of service attacks pose a significant threat to online services, with the power to disrupt and disable critical operations. This guide uncovers the numerous tactics attackers use, the motivations behind their malicious activities, and provides actionable strategies to fortify your network against these insidious threats.