Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A few days ago it was reported that the new Apache version 2.4.53 contains fixes for several bugs which exposed the users of the well known HTTP server to attacks: CVE-2022-22719 relates to a bug in the mod_lua modules which may lead to Denial of Service after reading from a random memory Area, CVE-2022-22720 exposes the server to HTTP Smuggling attacks, CVE-2022-22721 exposes the server to a buffer overflow when handling large XML input, and CVE-2022-23943 is a vulnerability in the mod_sed module, whi

In recent times when data breaches and cyber attacks have become so common, being cyber resilient and prepared for the attack when it happens is the new norm.

The widespread popularity of the containerized infrastructure backed by the advancement in technology, has made Linux the top priority as a host of the enterprise production environment. Red Hat Enterprise Linux default configuration settings which are more functionality-focused than being security-oriented, are often faced with the risk of infrastructure breaches.

ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.

According to a PwC poll, the epidemic has increased the number of employees working from home to almost 70%. Remote working, however, has its own set of risks. Companies are vulnerable to a host of network attacks because of employee-owned devices, insecure connections, and inappropriate device usage. That is where cybersecurity awareness training for employees comes into the picture and plays a key role in preventing cyber attacks.

As more and more businesses and individuals choose to store their data online, ensuring the safety of information is becoming exceptionally crucial. According to recent statistics from the Hosting Tribunal, over 95% of IT professionals use cloud storage. This number is expected to grow steadily.

An increasing number of modern security conscious companies have Chief Information Security Officers (CISOs) on the payroll to help them manage their environment from increasingly sophisticated cyber threats. Unfortunately, many other organizations are not currently able to employ a full time CISO. This can be related to a series of contributing factors including a lack of necessary budget, competing priorities, or unfilled vacancies due to a shortage of qualified candidates.

HIPAA requires covered entities and business associates to secure protected health information (PHI). Failing to do so can result in steep fines and penalties. Some PHI breaches, however, are out of the organization’s control. Determined hackers can expose PHI, and employees can make mistakes — they’re only human, Despite training, rigorous security protocols, and constant monitoring, data breaches can happen.

The cybersecurity community uses the term Advanced Persistent Threats to refer to threats that have extremely long persistence on a particular target—often lurking inside a target system for years. Their targets can include government agencies (at all levels), including contractors and suppliers far down the supply chain. Due to their passive nature, you may not even realize that your organization is a target for an APT. In fact, your infrastructure may already be infiltrated.