Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 complaints identified as ransomware.

LockBit (a.k.a. ABCD) emerged in September 2019 and became one of the most relevant RaaS (Ransomware-as-a-Service) groups among others like REvil, BlackMatter, Night Sky, Maze, Conti and Netwalker. The group targets many organizations around the world with a double-extortion scheme, where the attackers steal sensitive data and threaten to leak everything if the ransom is not paid.

On September 12, the FBI released a private industry notification entitled “Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities.” The notification underscores how a growing number of vulnerabilities in medical devices and Internet of Medical Things (IoMT) assets can be exploited by threat actors to “impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity.”

Cyber hygiene has become a highly visible topic in all business segments. Creating software and new features happens at a very fast pace — requiring lots of internal processes and operations to keep this up to date. However, it's also very important to be concerned with the fundamentals of information security in order to keep the company's digital assets protected. In this post, we'll discuss in detail the concept of cyber hygiene and some good practices to follow.

As a developer, DevOps engineer, Infrastructure & Operations lead, or similar, you are on the frontlines of application security. You are also on the frontlines of performance, functionality, stability, user experience…the list goes on. Often it seems like security is just one more requirement, one more box to check, one more obstacle between you, your deadline, and what you really care about. But I see it differently.

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 billion last year, and continue to rise steadily thereafter.

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and constantly improve to protect against ever-evolving security threats, and maintain the integrity of a database. This article will discuss the major database security threats, and how you can prevent them.

Apart from external attackers, organizations need to consider another type of threat when planning their cybersecurity strategy: insider threats. There are different types of insiders. On the one hand, there are people who have secret knowledge and unintentionally create risk openings within an organization; and on the other, there are others who intend to cause harm, motivated by profit, extortion, or personal grievance. This means insiders can be classified as follows.

Financial institutions use sanctions screening as a tool to detect, prevent and manage sanctions imposed on individuals and entities. Sanctions are issued on entities, organizations and individuals who are deemed drug dealers, human traffickers, terrorists and smugglers by the respective country or the U.N.