Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cross-site scripting has been at the top of the OWASP Top 10 for nearly a decade. In this article, we'll explore everything you need to know about XSS, the associated risks, and countermeasures you can take.

Healthcare organizations collect and accumulate data rapidly. This makes data protection in healthcare so difficult. The more data you have, the more privacy and security risks there are. Data breaches can affect your organization’s reputation. They can also incur major costs. For instance, HIPPA violations can be as much as $1.5 million yearly. And they will hold you – the healthcare provider – responsible for data breaches.

The banking and financial sector is known for its dependence on third-party vendors that help provide customers with quality financial products and services. It is one of the most interconnected sectors, making it one of the most vulnerable to cyberattacks. And because third parties operate through the banks they are contracted with, any losses are the bank's responsibility.

Digital transformation is expanding the attack surface in financial services. Throughout the pandemic, the accelerated adoption of digital banking, payments, and insurance channels has enabled providers to offer greater levels of service, new financial products, and enhanced journeys to their customers. However, with growing amounts of data and increasingly complex IT ecosystems, bad actors are finding more creative ways of wreaking havoc. In fact, U.S.

Cyber threats to elections in the U.S. and abroad remain at an elevated level and continue to evolve. It’s appropriate and encouraging to see continued growth and investment in cybersecurity efforts within elections communities. As a longstanding leader in defending elections globally, CrowdStrike understands the importance of these efforts and we want to do our part to help raise and sustain awareness.

CrowdStrike has identified a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

MITRE is a world-renowned research organization that aims to help build a safer world. It is probably best known in the information security industry for being the organization behind the industry-standard CVE (Common Vulnerabilities and Exposures) list. Each entry on the list is supposed to include an explanation of how the vulnerability could be exploited. These attack vectors are tracked and defined in another well-known knowledge base called ATT&CK, which is also maintained by MITRE.

Intellectual property (IP) is crucial for manufacturing organizations to compete in the market. At the same time, IP may be a target for dishonest competitors, former employees, and cybercriminals. That's why it's vital to take all possible measures to protect the security of intellectual property in the manufacturing sector.

The FedRAMP PMO recently announced new rules for how contractors will need to comply with the Federal Risk and Authorization Management Program (FedRAMP) Authorization Boundary rules in draft format. This is a big deal because FedRAMP compliance is mandatory for any company that wants to do business with the federal government.