In the age of heightened public cloud adoption and widespread cloud Software-as-a-Service (SaaS) usage, cybercriminals are making use of OAuth – a permissions delegation and authorization protocol – to compromise cloud environments. As such, controlling which applications users interact with has become a business imperative. Let’s take a closer look at what OAuth is, the role it plays in allowing users to access resources across environments, the ways attackers are abusing OAuth and what organizations can do to better protect their cloud data.
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
What are some current trends in cybersecurity threat research? To get some insight, we spoke to Aamir Lakhani, cybersecurity researcher and practitioner with FortiGuard Labs.
Consumers can easily identify opportunities to opt out of sharing personal data through the first-of-its-kind “Opt-Out Easy” browser plug-in developed by researchers from Carnegie Mellon’s CyLab Security and Privacy Institute. The plug-in makes opt-out choices more accessible to users, automatically extracting privacy information from websites’ policies and presenting it in a user-friendly way.
Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits. The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity effort: The Systemic Cyber Risk Reduction Venture on developing actionable metrics to quantify cyber risk. This information will be used to reduce shared risk to the nation's security.
What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data?
How do you lead a great security team to overall mitigate risks across the entire enterprise? To find out, we talk to Ellen Benaim, Chief Information Security Officer at Templafy. In her role, Benaim is responsible for overseeing company-wide information security and governance program and ensuring the entire organization follows necessary protocols to keep the enterprise secure.
Ransomware attacks were on the rise long before the pandemic. Over the last two years, ransomware attacks have risen by 200% – they are becoming more frequent, more expensive, and more sophisticated. This issue is anticipated to continue throughout 2021 and why businesses must be proactive to manage threats and other actionable steps to mitigate any damage.
Gun safety isn’t a new issue in the U.S., of course — it’s a hot-button political issue, to say the least. Regardless, there is no debate that every organization wants to keep its community safe. So, like almost every other aspect of life that has undergone transformational change over the past decade, the main driver of change in the immediate term will be cutting-edge technology.