Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

UPDATE: In a “ripped from the headlines” moment, we have real world confirmation of the growing risk discussed in this article. Breaking news over the weekend revealed that both the city of New Orleans and New Jersey's largest hospital network are in the midst of dealing with serious ransomware attacks. When you hear about data breaches and cyberattacks in the news, it's usually in connection with a large company and has affected users across the globe.

2019 has become another record-breaking year in eCommerce. This unprecedented growth has a dark side - since an overwhelming 71% of security incidents are financially motivated, digital retailers are becoming even more attractive targets for cyber attacks and fraud. As we near 2020, digital retailers will have to work hard to protect their digital assets. Here are a few factors that will make this task harder than ever.

I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions.” So it would be better if you found someone in the tech industry at least.

I have wanted to do a series like this for some time. I frequently watch movies and point out social engineering and OSINT techniques or inaccuracies as well as OPSEC blunders. These blunders, in addition to the matrix style waterfall screens, are equally bad as the “hacking” you see in movies.

A zero-day (0-day) is an unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole. In general, zero-day refers to two things: Zero day gets its name from the number of days that a patch has existed for the flaw: zero. Zero-day threats represent significant cybersecurity risk because they are unknown to the party who is responsible for patching the flaw and may already be being exploited.

EventSentry v4.1 builds on v4.0 released earlier this year and offers a lot of exciting new & improved features that enhance a variety of different monitoring scenarios.

It is hard to look at an information security job posting without seeing some certifications desired. Some make sense and others not so much. I have looked at junior helpdesk positions asking for CISSP, and some of the roles at some of the most respected companies do not ask for any certifications. There are some certifications that in having them demands instant respect: OSCP, OSCE, GXPN, and GREM, to name a few.

Two malicious Python libraries, jeilyfish (with a capital i and a lowercase L in the original name) and python3-dateutil, were detected on PyPI (Python Package Index) on December 1st. They were typosquatting similar named legitimate libraries jellyfish (with a double lowercase L) and python-dateutil libraries, a malicious technique aiming to trick developers to use the similar named modified libraries.

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details. The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make other financial transactions.