In Search For a Perfect Access Control System

Every cloud has its own identity and access management system. AWS and Google use a bunch of JSON files specifying various rules. Open source projects like Kubernetes support three concurrent access control models - attribute-based, role-based and a webhook access control, all expressed using YAML. Some teams are going as far as inventing their own programming language to solve this evergreen problem.

Why We Need More Women in Cybersecurity

To celebrate International Women’s Day on March 8 and the upcoming Day of Shecurity conference on March 23, I guest hosted the Lookout podcast Endpoint Enigma for an episode. I enlisted the support of my colleague Victoria Mosby to share our experiences navigating the cybersecurity sector. In addition to working as a federal sales engineer at Lookout, Victoria is also an active member of the Lookout Foundation and the Day of Shecurity initiative.

Does Workplace Collaboration lead to data security threats?

Workplace collaboration has been steadily evolving from sharing information through simple email attachments to more sophisticated sharing through cloud-based applications. In the business world, where every organization is garnering unique business practices to gain a competitive edge, data is king. This means that data has to be shared between organizations so that both benefit. Access to the right information adds clarity and helps in faster decision-making.

Tips for minimizing security risks in your microservices

Organizations are increasingly turning to microservices to facilitate their ongoing digital transformations. According to ITProPortal, more than three quarters (77%) of software engineers, systems and technical architects, engineers and decision makers said in a 2020 report that their organizations had adopted microservices. Almost all (92%) of those respondents reported a high level of success.

Managing Security Debt: How to Reduce Security Deficit

Recent years have seen a sharp increase in the number of reported security vulnerabilities, along with quite a few notorious attacks on enterprise applications. Organizations have reacted by increasing their investment in AppSec and DevSecOps, including the widespread adoption of AST (application security testing) tools.

How to hack smarter and find critical vulnerabilities with the new fuzzing engine

A typical DAST scanner tends to find the known security vulnerabilities that are easiest to locate. If you need to find vulnerabilities that are more difficult to detect, you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.

Wall Street targeted by new Capital Call investment email scammers

Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. According to a newly published report by Agari, scammers are seeking to defraud Wall Street businesses and their customers out of US $809,000 on average per incident.

Yieldstreet protects PII in Slack with Nightfall DLP

Yieldstreet is an alternative investments platform that strives to democratize access to financial products historically only available to institutional investors. With Yieldstreet, there are investment opportunities available to both accredited and non-accredited investors looking to invest in funds in the litigation finance, marine finance, and art finance asset classes.

Cyber security in universities: Threats, threat actors and defence

This blog post aims to provide an overview of the state of cyber security in universities and other higher education organisations. Security has been a challenge for a long time at schools, colleges and universities. Aligning ourselves with the glass-half-full attitude, these organisations and institutions have shown good progress with basic security controls. Information security is a prerequisite for various business dealings in the public sector, grant funding and procurement processes.