What is IEC/ISA 62443-3-3:2013? Cybersecurity & Compliance
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) started creating the 62443 series of standards in 2002.
A Comprehensive Guide on OWASP Top 10 2023 Compliance
In 2022, Twitter suffered a massive data breach, which exposed the personal data of 5.4 million caused by broken authentication. Threat actors exploited Twitter's API vulnerability to gain unauthorized access to users' sensitive personal data. The incident resulted in reputational loss and hefty fines from the regulatory body for failing to protect users' data. This shows that no organization, regardless of size, is immune to data breaches.
Hypothesis-Driven Cryptominer Hunting with PEAK
Hypothesis-driven hunting is probably the most well-known type of threat hunting, and it’s one of the three types defined in the PEAK threat hunting framework. In this article, we’ll walk through a sample hypothesis-driven hunt, step-by-step. For our data, we’ll be using the Boss of the SOC Version 3 (BOTSv3) dataset, which you can use to recreate the hunt and work through it on your own. Below is a diagram of the Hypothesis-Driven hunting process.
How To Stay Safe From Gift Card Scams
You can stay safe from gift card scams by checking gift cards for physical tampering before purchasing them and avoiding requests that ask you to purchase gift cards as a form of payment. While gift cards are a common gift that many people choose to give each other, they are also commonly used by scammers for financial gain. According to the Better Business Bureau, gift card scams increased 50% from 2022 to 2023 with losses from January to September 2023 totaling $147 million.
Enhancing Ransomware Resilience: 5 Essential Strategies for Organizations
Ransomware poses a pervasive threat to businesses, with no foolproof method to completely ward it off. However, organizations can adopt practical measures to reduce their vulnerability and bounce back swiftly in the face of an attack. While all organizations are potential targets by ransomware threat groups, Trustwave SpiderLabs’ most recent threat intelligence report noted the manufacturing sector is the most impacted industry by ransomware.
The hidden costs of pirated software: A cautionary tale for small businesses
Avast researchers take a deep dive into the dangers of downloading pirated software and explain why small businesses should avoid this tempting practice.
How Jaguar Land Rover and Asda are Building a Modern DevSecOps Culture
Organizations at different stages of growth or maturity will have different challenges when adopting a modern DevSecOps program. In this session we talked with Mike Welsh, Lead Enterprise Security Architect DevSecOps, at JLR, and Ruta Baltiejute, DevSecOps Lead at Asda, about their differing approach to implementing a secure development model at their organizations. We discussed the significant differences between how they’re building software today, including their approach to change in People, Process and Tooling.
Mobile Application Security - From Vulnerabilities to Vigilance
Your mobile apps are your business's face to the world. As an app creator or business owner, credibility is everything, and security is the cornerstone upon which it stands. Now, with the digital ecosystem being highly susceptible to breaches, even a single slip in security can shatter the trust your users have in your brand, tarnishing the hard-earned credibility of your business. This is why mobile app security is key to your business’s growth.
Cyberattack Darkens Kansas State University, Network Disruptions Rampant
Kansas State University (K-State) is below Tuttle Creek Lake in northeast Kansas. The university serves 20,000 students, employs a complex faculty of emeritus, postdocs, and graduates, and offers over 50 programs. On Tuesday (January 16th, 2024), K-State published a statement concerning the disruption of some of its services; hours later, a preliminary investigation determined the cause of the disruptions came from a cybersecurity event.
What Existing Security Threats Do AI and LLMs Amplify? What Can We Do About Them?
In my previous blog post, we saw how the growth of generative AI and Large Language Models has created a new set of challenges and threats to cybersecurity. However, it’s not just new issues that we need to be concerned about. The scope and capabilities of this technology and the volume of the components that it handles can exacerbate existing cybersecurity challenges. That’s because LLMs are deployed globally, and their impact is widespread.