Hackers have become increasingly inventive, coming up with countless ways to get past perimeter security and move laterally between networks. Strengthening an organization’s cyber resilience requires a more comprehensive approach and Zero Trust security is the answer.
Singapore bears witness to innovation’s transformative powers and shines as a beacon of financial forward-thinking. With the advent of new and emerging payment systems such as cryptocurrency and blockchain, state-issued digital currencies, and various types of e-payments, Singapore has experienced rapid growth in the financial sector.
The latest draft of India’s data protection law – the Digital Personal Data Protection Bill, 2022 is an attempt to develop a “comprehensive” legal framework that is aligned with contemporary privacy laws. The reworked version incorporates hefty penalties for non-compliance, relaxes rules on cross-border data flows and recognizes the right to post-mortem privacy, among others.
The new PCI DSS 4.0 standards place a razor-sharp focus on security as a continuous process, while adding stringent controls to enhance validation methods. It is therefore imperative that organizations create a well-designed data security and compliance program that continues to evolve and looks beyond the check-box routine.
The application security landscape will see new and emerging trends such as integration of security tools with DevOps, adoption of security automation, use of threat modelling and a shift to a design-led approach.
A new large-scale phishing campaign involving adversary-in-the-middle (AiTM) techniques has targeted more than 10,000 organizations since September 2021. In addition to stealing the victim’s password, this phishing campaign is even capable of bypassing Multi-Factor Authentication (MFA).
On September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is not the first time that Uber has been compromised. Similar instances have been reported in 2014 and 2016, and it appears that hardcoded credentials stored inside code and scripts were the case in all three incidents. The recent episode although claimed to have been an act of fun, does point to a few key learnings.
Recent reports by security analysts and researchers point to an increased use of free-to-use browser automation frameworks by attackers. The framework called Browser Automation Studio (BAS) includes various features such as browser emulation, mimicking human behaviour, and the ability to load data from URL, some of which have attracted several distinct threat actors, who are exploiting these for carrying out malware and credential stuffing attacks.
A subscription-based model like Software-as-a-Service (SaaS), Ransomware-as-a-Service (RaaS) provides users with tools and software to execute ransomware attacks with high-paying rewards that are collectively distributed among all the players involved.
The Indian Computer Emergency Response Team’s (CERT-In) recent Directions cover a host of measures aimed at strengthening the country’s cybersecurity. The larger objective is to capture the Indicator of Compromise (IOCs) and Threat Vectors of each incident and create an Intel database that could be used for securing the cyber defenses.
Ransomware is a multi-stage problem, that requires a multi-stage solution to effectively contain the attack at any stage. A typical ransomware attack goes through six distinct stages, and deconstructing each of these can help organizations strengthen their preparation and response strategies.
Data is the most critical asset for any organization, and businesses cannot ensure its security if they are unaware of its existence and purpose. Data security refers to a set of controls or techniques that ensure the maintenance of confidentiality, integrity, and availability of data throughout its lifecycle.
While PCI DSS 4.0 standards mandate any business that stores, processes, or transmits cardholder data to make substantial changes to their security controls and policies, merchants and service providers are also required to implement stringent controls, especially around authentication, reporting of security events and intrusion-detection systems, among others.
SISA is a forensics-driven cybersecurity company that helps secure businesses with robust preventive, detective and corrective security services and solutions. SISA offers products and services for risk assessment, security compliance and validation, monitoring and threat hunting, as well as training for various payment security certifications.
Industry recognition by CREST, CERT-In and SWIFT serves as a testament to our skill, knowledge, and competence.
With 2,000+ clients spread across 40+ countries, we leverage our learnings to provide true security, fanatic support and real business value to our customers.
USA
India
APAC
Middle East
Rest of the Countries
Facebook
Linkedin 
Twitter
Youtube
