Why Cybersecurity Training Still Matters
If phishing still works, so must our training! Understand why cybersecurity training remains vital as attackers continue to exploit predictable human behaviours.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Your Data, Your Rights: A Comprehensive Guide to Data Protection and the Role of the Data Protection Officer
Information is the raw material and the new oil that drives today's economy, helping businesses and organizations upgrade the services they deliver. However, with the unprecedented expansion in data comes the need for data security-the protection of personal data against access, use, and disclosure.
The Developer's Guide to the Cyber Resilience Act
In February 2024, Change Healthcare, one of the biggest IT solution companies in the U.S. healthcare system, suffered from a ransomware attack resulting in a complete shutdown of their IT system. Because of this attack, hospitals and pharmacies experienced interruptions in patient treatments, as well as in payments for several weeks. This is a nightmare for any software developer, security engineer or a company.
Confidential computing at 1Password
At the heart of 1Password’s security model is our use of end-to-end encryption. This means that your passwords and other secrets are encrypted on your device before being sent to the cloud. Without your encryption keys (derived from your account password and Secret Key), it’s cryptographically impossible for anyone to read your data, even us at 1Password.
November Release Rollup: Document Portal, Trainable Classifiers, and More
We’re excited to share new updates and enhancements for November, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.
Salt Typhoon and the T-Mobile Breach: How Chinese Hackers Targeted U.S. Telecom and Political Systems
Salt Typhoon, a Chinese state-sponsored hacking group, has emerged as one of the most significant cyber threats to U.S. critical infrastructure. Initially identified in 2020, with increased recognition of their activities in 2021, the group has been linked to high-profile cyber espionage campaigns targeting U.S. telecommunications companies.
Web Shell Upload Via Extension Blacklist Bypass - Part 1
We delve into an in-depth exploration of a common web security vulnerability related to file uploads and it demonstrates how attackers can exploit weaknesses in file extension blacklists to upload malicious web shells. We also cover the mechanics of bypassing these security measures, including specific techniques and tools used to see practical examples of how to conduct such an attack in a controlled environment, emphasizing the importance of understanding these vulnerabilities for defensive programming.
Embracing Conscious Leadership and Generative AI Transformation with Aysha Khan of Treasure Data
Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. In each episode, we discuss cybersecurity with thought leaders and industry experts, and get their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.
Demystifying EU Regulations: DORA and NIS2 - What They Mean for Your Business
Ahead of the EU’s Digital Operational Resilience Act (DORA) coming into force on 17th January 2025, and on the back of the updated Network and Information Security Directive (NIS2) coming into effect from 17th October of this year, organisations across Europe are scrambling to understand what these regulations mean for them. The initial reaction from many businesses is one of concern, and understandably so, non-compliance can lead to significant penalties and reputational damage.
A Comprehensive Look into Password Attacks and How to Stop Them
There are some things you want to keep private such as your bank account number, government ID number, etc. In the digital age, that includes the passwords that protect these accounts because once your account credentials are compromised, cybercriminals can get that information. That is why password attacks have become so prominent today.