Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare entities to implement policies and procedures to safeguard the privacy and security of the protected health information (PHI) of patients. One core requirement is to perform risk assessments. This article explains what a risk assessment is according to HIPAA and offers guidance about the steps involved.

As organizations became increasingly interconnected globally, every business started adapting to the digital model for all their transactions, fearing that otherwise they would be left behind in the race. Unfortunately, this has turned out to be a catch-22 as threats to cybersecurity are continually increasing. The rise in attacks was partly due to Log4j that helped to boost the cyberattack attempts to an all-time high in Q4 2021.

The Splunk Threat Research Team is monitoring open channel intelligence and government alerts indicating the possibility of malicious campaigns using destructive software in relation to ongoing geopolitical events. Based on historical data of named geopolitical actors, the use of destructive payloads has been observed in past campaigns.

Like a loner wolf, are you among those software developers who work independently instead of being part of a company or an organization? If yes, you may have one major issue of not being recognized as any significant brand name for the software you develop. You may even have a headache of getting trusted by browsers and operating systems and bypassing ugly warning messages like an unknown publisher.

The collection process of an EV Code Signing certificate is quite different compared to the OV (Organization Validated) Code Signing certificate. But it also offers additional security practices that aren’t provided by a standard code signing certificate. Nonetheless, here in this piece of article, we’ll discuss how to setup your EV Code Signing certificate so you can move further with digitally signing your applications and software.

Data governance is the principled approach to managing data during its life cycle — from the moment you generate or collect data to its disposal. Good data governance ensures that data is kept private, accurate, usable, and most of all: secure. Data governance is a broad term, and as a result, good data governance encompasses everything from user behavior to technology to policies and compliance regulations.

The cybersecurity talent shortage is real. As of December 2021, a job-tracking database from the U.S. Commerce Department showed nearly 600,000 unfilled cybersecurity positions. And a 2021 study found that 57% of cybersecurity professionals worked at organizations that have been directly impacted by the cybersecurity talent shortage. Even so, many organizations want to “shift security left” or build security best practices earlier into the software development lifecycle (SDLC).

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” In this article, Alien Labs is updating that research with new information.

The large amounts of behavioral data being generated today necessitate accurate labels for machine learning classifiers. In an earlier blog post, Large-Scale Endpoint Security MOLD Remediation, we discussed how to remediate labeling noise. In this blog post, we experiment with an unsupervised approach that eliminates the need for learning from labeled data.

The increased connectivity in modern vehicles adds convenience to drivers and passengers. However, it also sets in motion a proliferation of new cyber threats. Automotive manufacturers and suppliers are working to protect against these threats, identifying and implementing best practices needed to make modern vehicles more resistant to cyber-attacks.