Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Almost everyone understands what passwords are, and how they work. But passkeys? That’s a different story.

Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was digital), it's safe to say they've had a good long run. So, what's the fuss?

Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?

I recently had the pleasure of participating in a great panel discussion at the San Diego Cyber Security Summit, entitled “Cloud Security — Leveraging Its Strengths and Overcoming Its Vulnerabilities,” alongside representatives from Palo Alto Networks, Gigamon, Sysdig, Lacework, Imperva, and Tufin.

The Minneapolis public school district includes approximately 100 primary and secondary public schools. Between the many different schools, approximately 36,000 students are served by about 1,500 teachers. The district is currently suffering from a ransomware attack supposedly and is being extorted for a $1 Million payment by a ransomware gang.

Zoll is a medical device and technologies company that offers its services to EMS, fire professionals, and rescuers. Even the U.S. Military relies on technologies from the company in order to save lives. Zoll recently suffered from a cyber attack that may have exposed over 1 million individuals. The attack happened fast and was coordinated by an unknown group, and we still don't have all the specific details yet.

Looking for Splunk Intelligence Management? We’ve made some updates — learn more here.

Each day, there are multiple news stories about fraud. Some share details about fraud committed against government entities or agencies, some tell us about instances in our educational institutions, and still, others describe the types of fraud against individuals in the form of identity theft. In the post-pandemic United States, fraud has increased in the public sector because our government has made benefits more accessible to those in need.

BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable for having a clipper module that targets cryptocurrency users.

According to the Cloud Security Alliance, the average large enterprise has 946 custom applications deployed. Traditionally, organizations deployed Web Application Firewalls (WAF), which provide visibility and enforce security controls on external traffic that passes through them, at the perimeter to protect these applications against external attacks.