The latest Security News & Information


What is Spear Phishing?

Spear phishing is an email spoofing attack targeting a specific organization or individual. Spear phishing emails aim to infect the victim with malware or trick them into revealing sensitive data and information. Spear phishers look for targets who could yield financial gain or exposure of trade secrets for corporate espionage, personally identifiable information (PII) for identity theft, and protected health information (PHI) for insurance fraud.


What Is Social Engineering? Common Examples and Prevention Tips

Social engineering is an attack vector that exploits human psychology and susceptibility to manipulate victims into divulging confidential information and sensitive data or performing an action that breaks usual security standards. In general, social engineering success relies on a lack of cyber security awareness training and a lack of employee education. Employees are the first line of defense and are frequently the weakest link in an otherwise secure defense in depth strategy.


Weekly Cyber Security News 15/11/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. There’s leaving a few API keys in a GitHub repo, and there’s leaving everything on Pastebin. The question then is who did it? Staff, hacker or 3rd party? Perhaps we will never know. Do we however have a moral of the story here? Maybe just don’t write everything down in the clear (and give it to someone)…


Why Should You Use Invocation Overhead Instead of Cold Start

Ever since the inception of FaaS platforms, blogs and benchmarks measuring and analyzing "cold start" have emerged. No wonder that the most searched term in the topic of serverless on Google is "cold start". However, using the term "cold start" distracts us from what we really care about - "Invocation Overheads". Although cold starts are a part of "invocation overheads", focusing solely on them is misleading.


StackRox + PagerDuty - Know about Your Kubernetes Security Issues, Now

StackRox has pioneered Kubernetes-native container security, bringing rich context and infrastructure-native enforcement to protecting Kubernetes and containers across build, deploy, and runtime. We recognize the importance of getting critical alerts about this cloud-native stack to the right team, at the right moment – by integrating with PagerDuty, we broadened the choices on how to do so.


How to Maintain ISO 9001 Certification

It’s not easy for an organization to implement the International Organization for Standardization (ISO) 9001 and obtain an ISO certification for the standard. But just because you’ve achieved ISO 9001:2015 (the latest version) certification, that doesn’t mean your work is done. That’s because your company has to be continually audited to ensure it still meets the requirements of the ISO 9001 standard.


Aligning SECaaS with Your Organization's Cloud Security Needs

One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel became harder between 2017 and 2019.


Is Cloud Computing Secure? 7 FAQs About Cloud Security Answered (2020)

Whether 10 years ago or just last week, companies continue to ponder, “is cloud computing secure?” The truth is cloud computing is just as secure, if not more secure, than a traditional server if configured properly. In fact, most security breaches in the cloud are the fault of the customer, not the cloud network. Gartner Research estimates that between now and 2025, 99 percent of cloud security breaches will be the customer’s fault.


Visa Security Alert for New Self-Cleaning Skimmer - Pipka

Visa have issued a new security alert for an advanced, self-cleaning JavaScript skimmer named Pipka. The security researchers at Visa’s Payment Fraud Disruptions (PFD) discovered the skimmer in September of this year. The skimmer was first seen on a North American ecommerce website which had previously been infected with a different skimmer, Inter. Visa have now identified 16 additional sites hosting the Pipka code.