NIST proposes a Secure Software Development Framework to address software supply chain attacks Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and… Read More

Formjacking allows hackers to steal payment card data and other information submitted through online forms As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are… Read More

Hackers Can Use DICOM Bug to Hide Malware in Medical Images  DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More

Dragonblood flaws in WPA3 impact the very technology that was supposed to make it safer than WPA2. Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication… Read More

Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More

Business email compromise attacks are designed to bypass traditional email security measures, such as spam filters. Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC… Read More

Seal up your cloud containers with these Kubernetes security best practices. Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers discovered a way… Read More

Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More

Think your company “can’t afford” cyber security? How much will a cyber attack cost? Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them… Read More

Ransomware-as-a-service lowers the bar for entering the entering the cyber extortion game Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the… Read More

Malicious browser extensions can steal credentials, cryptocurrency, and more From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security – usually for free. However, browser extensions need a wealth of access permissions to operate, including… Read More

A guide to SOC 2 compliance for SaaS developers and other cloud services providers As cyber threats present greater risks to enterprises of all sizes and in all industries, more are requiring that their SaaS providers and other cloud services vendors have an SOC 2 certification. Let’s examine what an SOC 2 certification is and… Read More