State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.

The role of the CISO is expanding alongside the growing adoption of digital technologies, which has resulted in a faster and more interconnected workforce. The dynamic and evolving nature of cyber threats is posing challenges for security teams in terms of visibility and expertise required to defend against them.

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

Australia is using the Security of Critical Infrastructure Act 2018 (SOCI Act 2018) as a framework to help the country mitigate and remediate threats to the country’s critical infrastructure. This comes after several high-profile cyber attacks raised Australia’s awareness of the need for cybersecurity and the standardization of cyber security measures for priority organizations.

Businesses are realizing the value of bot management tools as part of their application security strategy, with the control set expected to mature towards mainstream adoption in less than two years. This is according to the latest Hype Cycle™ for Application Security by Gartner®, released this month.

You don’t need a professional to be PCI-compliant, but professional expertise can make navigating the notoriously complex PCI DSS requirements easier. An experienced cybersecurity firm with qualified assessment staff can speed up compliance, enhance a firm’s security posture according to priority actions, and help the firm achieve a high level of security and peace of mind. However, you must use a professional for your business to be PCI-certified.

As one of the pioneering WAF products, Akamai remains a crucial player in the modern WAAP landscape. Akamai was among the earliest CDNs introduced and continues to dominate content delivery. Its excellence is further validated by being rated a Leader in Gartner’s Magic Quadrant for Cloud Web Application and API Protection in 2022.

The Massachusetts Data Security Law (201 CMR 17.00) safeguards the personal information of Massachusetts residents. The law went into effect on March 1, 2010, and at the time, was one of the most comprehensive data privacy laws passed in the United States. Since the law’s passing, a variety of U.S. States have passed more robust data privacy legislation, including the notable California Consumer Privacy Act (CCPA) and Virginia Consumer Data Privacy Act (VCDPA).

In the realm of cybersecurity, the RockYou.txt wordlist has become a household name. It’s a tool used by security professionals to test the strength of network security. However, like many tools in the digital world, it can also be misused by malicious actors. In this blog post, we’ll delve into the history of RockYou.txt, its uses and how to protect your organization from potential threats associated with it.

Each week we look at the data losses, hacker attacks, and the state of security in the United States and around the world. This week things seem to be particularly bleak. We always expect to see some breaches in major companies, but this week we learned about widespread employee credential losses in countless corporations throughout the United States and the world.