Tag: best-practice

HIPAA Cybersecurity Requirements and Best Practices

Feb 3, 2025 9:12 PM

Tags: best-practice, cybersecurity, framework, healthcare, HIPAA, insurance

The Health Insurance Portability and Accountability Act (HIPAA) mandates a stringent framework for protecting sensitive patient information. These standards form the foundation of cybersecurity measures within the healthcare sector, ensuring… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/hipaa-cybersecurity-requirements-and-best-practices/
The CISO’s role in advancing innovation in cybersecurity

Feb 3, 2025 9:12 AM

Tags: access, advisory, ai, attack, best-practice, business, ceo, ciso, conference, cyber, cybersecurity, finance, network, phone, risk, startup, strategy, technology, threat, tool

Cybersecurity leaders have an advantage when it comes to innovation given their front seat facing new and old threats. That is why many CISOs are playing an active role in shaping emerging solutions, which also gives them a clear understanding of where current solutions fall short.”CISOs can play a part in supporting innovation by shaping…
Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Jan 29, 2025 4:36 PM

Tags: access, ai, application-security, attack, best-practice, business, ciso, cloud, compliance, computing, control, cybersecurity, data, detection, finance, framework, google, governance, guide, infrastructure, injection, intelligence, lessons-learned, malicious, microsoft, mitigation, monitoring, office, openai, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, software, strategy, supply-chain, technology, theft, threat, tool, training, unauthorized, vulnerability

[written together with Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud; originally posted here] In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance. We also discussed…
US takes aim at healthcare cybersecurity with proposed HIPAA changes

Jan 28, 2025 10:03 AM

Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-management

The US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Jan 23, 2025 2:22 PM

Tags: best-practice, cyber, identity, microsoft

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in Microsoft Entra, aimed at bolstering organizational security and providing actionable insights to mitigate risks. The Identity Secure Score recommendations are designed to act as a trusted advisor, offering best practices rooted in industry standards to enhance security posture while improving employee…
Taking a Threat Adapted Approach to Vulnerability Management

Jan 23, 2025 1:22 PM

Tags: best-practice, cyber, intelligence, threat, update, vulnerability, vulnerability-management

As cyberthreats grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week ( December 9-13, 2024) which aimed to inform, share threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that..…
Python administrator moves to improve software security

Jan 23, 2025 8:22 AM

Tags: apache, attack, automation, best-practice, defense, exploit, firewall, github, group, Internet, malicious, malware, open-source, pypi, software, threat, tool

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to identify and stop malware-laced packages from proliferating across the open-source community that contributes and consumes Python software. As previously reported, hijacking Python…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
Authentication and Single Sign-On: Essential Technical Foundations

Jan 22, 2025 6:22 PM

Tags: authentication, best-practice

Dive deep into the technical fundamentals of Authentication and SSO systems. Learn how HTTP, security protocols, and best practices work together to create robust authentication solutions for modern web applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/authentication-and-single-sign-on-essential-technical-foundations/
Three Keys to Modernizing Data Security: DSPM, AI, and Encryption

Jan 21, 2025 10:22 PM

Tags: access, ai, automation, best-practice, business, cloud, compliance, container, control, cyber, cybercrime, data, data-breach, detection, encryption, GDPR, incident response, infrastructure, privacy, regulation, risk, saas, security-incident, skills, software, strategy, threat, tool, vulnerability

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t“¦ Tue, 01/21/2025 – 14:56 Organizations worldwide face a “perfect storm” of increasing and ever-evolving cyber threats. Internal and external factors are at play, elevating cyber risks and their consequences and mandating new approaches to safeguard data. A recent study based on responses from over…
7 top cybersecurity projects for 2025

Jan 21, 2025 12:22 PM

Tags: access, advisory, ai, backup, best-practice, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, encryption, framework, google, governance, infrastructure, intelligence, law, mitigation, monitoring, network, resilience, risk, risk-management, service, strategy, technology, threat, tool, vulnerability

As 2025 dawns, CISOs face the grim reality that the battle against cyberattackers never ends. Strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them gaining the upper hand.”Urgency is the mantra for 2025,” says Greg Sullivan, founding partner of cybersecurity services firm CIOSO Global.…
5 Things Government Agencies Need to Know About Zero Trust

Jan 15, 2025 6:02 PM

Tags: access, application-security, attack, best-practice, business, cloud, control, cyber, cybersecurity, data, gartner, government, identity, incident response, infrastructure, Internet, jobs, monitoring, network, nist, risk, skills, strategy, technology, update, vulnerability, vulnerability-management, zero-trust

Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey. Draft guidance on implementing a zero trust architecture,…
Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Jan 15, 2025 5:02 AM

Tags: access, advisory, ai, attack, authentication, best-practice, cloud, cve, defense, email, exploit, flaw, framework, github, group, intelligence, Internet, malicious, marketplace, microsoft, mitigation, ntlm, office, rce, remote-code-execution, saas, service, social-engineering, software, technology, threat, update, vulnerability, windows, zero-day

10Critical 147Important 0Moderate 0Low Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available. Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated…
Fifteen Best Practices to Navigate the Data Sovereignty Waters

Jan 14, 2025 9:46 AM

Tags: access, attack, automation, awareness, backup, best-practice, breach, cloud, compliance, computer, computing, container, control, country, crypto, cybersecurity, data, encryption, governance, iam, identity, international, law, least-privilege, monitoring, network, privacy, ransomware, regulation, resilience, risk, security-incident, service, software, strategy, threat, tool, unauthorized, update, zero-trust

Fifteen Best Practices to Navigate the Data Sovereignty Waters josh.pearson@t“¦ Tue, 01/14/2025 – 08:04 Data sovereignty”, the idea that data is subject to the laws and regulations of the country it is collected or stored in”, is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly…
DNA sequencer vulnerabilities signal firmware issues across medical device industry

Jan 9, 2025 12:18 AM

Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windows

In highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
Best Practices & Risks Considerations in LCNC and RPA Automation

Jan 8, 2025 6:18 PM

Tags: automation, best-practice, risk

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/best-practices-risks-considerations-lcnc-rpa-automation
Best Practices for Automated Secrets Rotation

Jan 7, 2025 1:20 PM

Tags: best-practice, cybersecurity

Why Automating Secrets Rotation Matters in Cybersecurity? One such moving goalpost is Secrets rotation, an essential cybersecurity staple. So, what’s the big deal about automating this process? Understanding Secrets Rotation Let’s frame the conversation around a term we often hear in cybersecurity Secrets. They play a pivotal role in securing Non-Human Identities (NHIs). These… First…
US military allocated about $30 billion to spend on cybersecurity in 2025

Jan 7, 2025 8:17 AM

Tags: access, ai, attack, best-practice, china, communications, computing, cyber, cybersecurity, data, defense, disinformation, framework, government, group, guide, infrastructure, intelligence, international, iran, law, military, mobile, network, office, ransomware, risk, russia, software, spy, spyware, technology, terrorism, threat, tool, unauthorized, vulnerability

The United States military will receive about $30 billion in cybersecurity funding in fiscal 2025 from $895.2 billion earmarked for US military activities under the National Defense Authorization Act (NDAA), an annual piece of must-pass legislation signed by President Joe Biden last month.The nearly 1,000-page bill’s budget doesn’t enable clear-cut or quick calculations of how…
Memo to Trump: US telecoms is vulnerable to hackers. Please hang up and try again | John Naughton

Jan 5, 2025 11:17 AM

Tags: best-practice, exploit, finance, government, hacker, infrastructure, login, password, phone, service, vulnerability

State-backed cyberspies are exploiting ageing infrastructure to penetrate every corner of the US government, it seems even its phone-tapping systemsYou know the drill. You’re logging into your bank or another service (Gmail, to name just one) that you use regularly. You enter your username and password and then the service says that it will send…
Ensure Your Data’s Safety: Best Practices in Cloud Security

Jan 4, 2025 5:17 AM

Tags: best-practice, cloud, data, strategy

Where Does Your Cloud Security Stand? Does your organization’s data management strategy consider non-human identities (NHIs) and secret security management? In the intricate dance of safeguarding data, ensuring the security of machine identities, or NHIs, and their corresponding secrets is pivotal. This practice remains an essential element of best cloud security practices and an effective……
What Is Encryption Key Management? Importance and Best Practices

Jan 3, 2025 6:17 PM

Tags: access, best-practice, breach, compliance, data, encryption, tool, unauthorized
Consent Phishing: The New, Smarter Way to Phish

Jan 3, 2025 2:17 PM

Tags: access, ai, attack, authentication, awareness, best-practice, browser, business, chrome, compliance, control, credentials, data, detection, email, github, google, identity, jobs, malicious, microsoft, mitigation, phishing, risk, saas, software, spam, threat, training, unauthorized, update

What is consent phishing? Most people are familiar with the two most common types of phishing”Š”, “Šcredential phishing and phishing payloads, where attackers trick users into revealing credentials and downloading malicious software respectively. However, there is a third type of phishing on the rise: consent phishing. Consent phishing deceives users into granting a third-party SaaS…
Best practices for ensuring a secure browsing environment

Jan 3, 2025 6:17 AM

Tags: ai, best-practice, ciso

In this Help Net Security interview, Devin Ertel, CISO at Menlo Security, discusses how innovations like AI and closer collaboration between browser vendors and security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/03/devin-ertel-menlo-security-browser-security/
OAuth Identity Attack”Š”, “ŠAre your Extensions Affected?

Dec 31, 2024 5:27 PM

Tags: access, ai, attack, awareness, best-practice, breach, browser, chrome, cloud, cyber, cybersecurity, data, detection, email, exploit, google, group, identity, malicious, malware, microsoft, mitigation, phishing, privacy, risk, saas, software, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability

OAuth Identity Attack”Š”, “ŠAre your Extensions Affected? A malicious variant of Cyberhaven’s browser extension (v24.10.4) was uploaded to the Chrome Store on Christmas Day. According to Cyberhaven, this compromised version can allow “sensitive information, including authenticated sessions and cookies , to be exfiltrated to the attacker’s domain”. The extension remained available for download on the Chrome…
Cybersecurity Snapshot: What Looms on Cyberland’s Horizon? Here’s What Tenable Experts Predict for 2025

Dec 27, 2024 6:44 PM

Tags: access, ai, attack, best-practice, breach, business, cisa, ciso, cloud, computer, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, exploit, flaw, guide, hacker, ibm, incident response, intelligence, lessons-learned, monitoring, office, resilience, risk, service, software, strategy, threat, tool, training, update, vulnerability, vulnerability-management, zero-trust

Wondering what cybersecurity trends will have the most impact in 2025? Check out six predictions from Tenable experts about cyber issues that should be on your radar screen in the new year, including AI security, data protection, cloud security… and much more! 1 – Data protection will become even more critical as AI usage surges…
Postman Workspaces Leak 30000 API Keys and Sensitive Tokens

Dec 24, 2024 8:43 PM

Tags: api, best-practice, data, data-breach, leak

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization First seen on hackread.com Jump to article: hackread.com/postman-workspaces-leak-api-keys-sensitive-tokens/
The Ultimate Guide to Establishing a Strong Cybersecurity Baseline: Key Steps and Best Practices

Dec 23, 2024 5:44 PM

Tags: best-practice, control, cybersecurity, guide

Security baselines are the foundational guidelines that help organizations maintain a minimum protection standard. They provide a starting point”, a basic level of security that must be in place to protect against the most common threats. However, it’s important to understand how baselines differ from broader security controls or standards. Baselines are not meant to…
US order is a reminder that cloud platforms aren’t secure out of the box

Dec 20, 2024 11:43 PM

Tags: access, best-practice, breach, business, cisa, ciso, cloud, control, cyber, cybersecurity, defense, fedramp, google, government, guide, identity, incident, incident response, infrastructure, intelligence, international, login, mfa, microsoft, monitoring, network, risk, saas, service, software, tool

This week’s binding directive to US government departments to implement secure configurations in cloud applications, starting with Microsoft 365 (M365), is a reminder to all CISOs that cloud platforms, even from major providers, aren’t completely secure out of the box.”Cloud stuff is easy to manage, easy to deploy,” said Ed Dubrovsky, chief operating officer and…
Best Practices for Enrolling Users in MFA

Dec 20, 2024 9:45 PM

Tags: best-practice

First seen on scworld.com Jump to article: www.scworld.com/native/best-practices-for-enrolling-users-in-mfa
How to Prevent DDoS Attacks: 5 Steps for DDoS Prevention

Dec 20, 2024 5:43 PM

Tags: attack, best-practice, ddos, monitoring, network, router, threat

DDoS attacks are security threats that seek to cripple network resources such as applications, websites, servers, and routers, which can lead to heavy losses for victims. However, they can be prevented through implementation of security best practices and advanced preparation, like hardening your networks, provisioning your resources, deploying strong protections, planning ahead, and actively monitoring…