Top 4 application security trends that can’t be ignored

The application security landscape will see new and emerging trends such as integration of security tools with DevOps, adoption of security automation, use of threat modelling and a shift to a design-led approach.

Published
Categorized as Blogs

Point of View – Learnings from the Uber Breach

On September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is not the first time that Uber has been compromised. Similar instances were reported in 2014 and 2016, and it appears that hardcoded credentials stored inside code and scripts were involved in all three incidents. The recent episode, although claimed to have been an act of fun, does point to a few key learnings.


The rising threat of Browser Automation Framework: All you need to know!

Recent reports by security analysts and researchers point to an increased use of free-to-use browser automation frameworks by attackers. The framework called Browser Automation Studio (BAS) includes features such as browser emulation, mimicking human behaviour, and the ability to load data from a URL. Some of these features have attracted several distinct threat actors, who are exploiting them to carry out malware and credential stuffing attacks.


CERT-In Directive – A Step to Strengthen India’s Cybersecurity Posture

The Indian Computer Emergency Response Team’s (CERT-In) recent Directions cover a host of measures aimed at strengthening the country’s cybersecurity. The larger objective is to capture the Indicators of Compromise (IOCs) and Threat Vectors of each incident and create an Intel database that could be used to strengthen cyber defenses.


Decoding the Anatomy of a Ransomware Attack

Ransomware is a multi-stage problem that requires a multi-stage solution to effectively contain the attack at any stage. A typical ransomware attack goes through six distinct stages, and deconstructing each of these can help organizations strengthen their preparation and response strategies.


Reinforcing Data Security with Data Discovery and Classification

Data is the most critical asset for any organization, and businesses cannot ensure its security if they are unaware of its existence and purpose. Data security refers to a set of controls or techniques that ensure the maintenance of confidentiality, integrity, and availability of data throughout its lifecycle.


PCI DSS 4.0 – Key Changes Affecting Merchants and Service Providers and How They Should Respond?

While the PCI DSS 4.0 standard requires any business that stores, processes, or transmits cardholder data to make substantial changes to its security controls and policies, merchants and service providers are also required to implement stringent controls, especially around authentication, reporting of security events and intrusion-detection systems, among others.
