Many organizations have Information Security Programs (ISPs), but many executives and boards do not know how to measure progress within these programs. They are therefore hesitant to believe any investment in technology will mitigate perceived or even unknown risks. Some organizations use regulated compliance standards such as PCI DSS or AICPA attestations as measures of their ISP.
The Personal Data Protection Bill 2019 (PDP Bill 2019) was introduced to the Lok Sabha by Ravi Shankar Prasad, the Minister of Electronics and Information Technology, on December 11, 2019. This comes after more than two years of debate about the bill's provisions. As of March 2020, the bill is being analyzed by a Joint Parliamentary Committee (JPC) in consultation with industry experts and stakeholders.
The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it’s safe to assume that California Consumer Privacy Act (CCPA) was modeled from the EUs data privacy framework.
When you first hear ‘shellcode,’ you might think of shell scripting. Surprisingly enough, neither shellcode nor shellcode injection have anything to do with shell scripting. Keep reading to learn more!
The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either.
It's been a while since I've had the opportunity to take a break, come up for air, and write a blog for some of the amazing work the Splunk Threat Research team has done. We have kept busy by shipping new detections under security-content (via Splunk ES Content Update and our API). Also, we have improved the Attack Range project to allow us to test detections described as test unit files.
Throughout the duration of COVID-19, there have been consistent rumors of increased nation-state espionage. In parallel, many recent ransomware strains have a COVID-19 tie-in. Now the United Kingdom's National Cyber Security Centre (NCSC), published an advisory report that the threat group APT29 is targeting governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain which are involved in COVID-19 vaccines development and testing.
In the world of CVEs, we have seen a few interesting ones released in the last couple of weeks since our last risk based vulnerability management blog, including the recent big news items affecting F5 BIGIP and Pan-OS. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.
