Blog

When you think “security awareness,” the first thing that comes to mind is likely the training you provide non-security staff related to persistent threats like phishing. While this type of training will always be important, it is also becoming necessary to augment traditional programs with specialized application security awareness training for your CI/CD-related teams as…

RH-ISAC: What is your background in cybersecurity? Where did you get your training and education? Jordan: My cybersecurity career started with my current company, BigCommerce, about three-and a-half years ago. I was in another role at the same company and was given the opportunity to meet our cybersecurity team to learn more about the field….

Application programming interfaces, or APIs, are software interfaces that allow computer programs to communicate with one another to perform services without needing to know the internal details of how the other system functions. As application development shifts to the cloud, APIs have become indispensable, allowing us to connect microservices and conveniently take advantage of software,…

The new HYPERSCRAPE data extraction tool developed by the Iranian Charming Kitten threat group eases the process of stealing email data from targeted accounts. Context On August 23, 2022, Google Threat Analysis Group (TAG) researchers published a technical analysis of a unique data extraction tool they named “HYPERSCRAPE” used by the Iranian state-backed Charming Kitten…

Over the past few years, DevSecOps has become a buzzword in application security. You may understand the concept — security is integrated into your continuous integration/continuous delivery pipeline to find and fix vulnerabilities earlier in the software development lifecycle — but how do you actually implement DevSecOps? One of the keys to successful DevSecOps implementation…

Flashpoint’s 2022 Mid-Year Data Breach report shows an overall 15% decline in reported breaches from the same period last year and suggests that the retail, hospitality, and travel sectors are not among the industries reporting the most breaches by volume. Context On August 18, 2022, Flashpoint released its State of Data Breach Intelligence 2022 Midyear…

RH-ISAC’s Cyber Intelligence Summit, taking place this year in Dallas, TX, on September 20-21, is the premier event for cybersecurity practitioners in the retail, hospitality, and travel industries. The two-day conference features keynote speakers, breakout sessions for peer-to-peer learning, and plenty of opportunities for networking during nightly happy hours and dinners. This year’s agenda was…

The SEABORGIUM phishing operation targets organizations with a connection to Russian interests leveraging three different open-source phishing kits, the most prevalent of which has been observed in recently reported phishing attacks. Context On August 15, 2022, Microsoft Threat Intelligence Center (MSTIC) researchers disclosed details of a phishing and cyberespionage operation that they disrupted in partnership…

Whether you’ve developed an application in-house or are simply using software-as-a-service apps, it is beneficial to know the standards that govern application security so you can ensure that you do not accidentally end up out of compliance with them, which in addition to potentially being a regulatory liability, would put you at risk of a…

Application Programming Interfaces (APIs) are a type of software interface that allows services to communicate with one another to leverage each other’s data and functionality without needing to see everything that is on the other end. They enable applications to talk to one another, such as when you use your Facebook account to login to…