Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Major disaster averted in the world of WordPress…. I hope…

Trite old sayings aside, practice works. Sports teams and the armed forces understand that ensuring everyone knows their role and has practiced it until they can do the job in the dark with their eyes closed is the only way to guarantee the proper reaction when it’s time to go to work. The same should hold true for an organization preparing for any type of emergency, ranging from a power outage, natural disaster, or cyberattack.

In today’s world, it’s important for your employees to learn about security and privacy best practices not only for their day-to-day roles at your company, but also to help inform the myriad of security and privacy decisions they make in their personal lives every day.

Organizations tend to fall into two categories: those that have been breached and those that don’t yet realize they’ve been breached. If you belong to the first group, believe it or not, you’re in luck. Once the breach has been acknowledged, your organization is closer to fixing the problem and overcoming the damage.

Introduction In a brazen display of cyber intrusion, the hacking group SiegedSec has once again struck gold on the Dark Web. The group began a hacking campaign called Operation Colombia, targeting several key government institutions in the country. This article delves into the technical aspects of the hack, shedding light on the Magnitude of the Breach, the Compromised Data, and the Impacted Organizations.

For years, security leaders have debated the advantages of building in-house security operations centers or outsourcing the SOC function to a third party. Both options have their pros and cons. The best choice for each organization depends on a few factors: the type of threats it encounters, the resources it has at its disposal, the complexity and breadth of their attack surface, and the commitment it wants to make to advanced threat hunting.

Investigating a security event is the less glamorous version of an episode of CSI: Crime Scene Investigation. Without the snazzy, high-end, mostly-fictitious technology that television shows you, your actual digital forensics investigation usually involves an arduous process of reviewing technical data and looking for the breadcrumbs a malicious actor left behind.

FedRAMP refers to the Federal Risk and Authorization Management Program, a US government-created program to smooth the connection between its federal agencies and cloud service providers. The General Services Administration (GSA) established FedRAMP Program Management Office (FedRAMP PMO) to help achieve the following goals: This post will examine the benefits of using FedRAMP and will provide an overview of the system and its requirements for cloud service offerings (CSOs).