Blog

Regardless of the specific details of a breach, organizations must be prepared to respond when one occurs. The more organizations move applications and services to the cloud, the more it is important to plan for cloud incident response. These seven best practices will help you get started.

We all woke up recently to a security nightmare. Okta, an industry leader in identity and access management is potentially breached and the impact for the industry may be very high. Here are 10 actionable recommendations you can share, but please let us know if you have more so that we can add them to this list.

Mitiga has worked with a law enforcement investigation to prevent criminals from impersonating Office 365 executives and redirecting wire transfers. Learn more.

Spring is a Java framework for dependency injection and Model-View-Controller (MVC) web development. Spring is a very popular framework; over 6,000 other libraries use the "spring-beans" library (according to Maven Central). Spring4Shell, a new exploit in Spring, was just disclosed.

Understand your Okta system logs with this comprehensive guide, helping you enhance security, monitor activity, and respond effectively to incidents.

Traditional incident response (IR) learned from on-premises investigations doesn’t work in the cloud. Today's threat actors are finding misconfigurations and vulnerabilities to allow them to penetrate cloud environments.

The Russian military strategy is often described as a strategy of “active defense.” This means that their strategy includes both the preventative measures taken before a conflict breaks out and the tenets for conducting the war.

Learn how lateral movement attacks pose serious risks in on-prem, cloud, or hybrid environments, and discover effective strategies to mitigate these threats.

Over the last few months, everyone has been busy patching — seeking to close the loophole most learned about when the a patch was released for Log4j 2.15.0 for Java 8 users to address the remote code execution vulnerability CVE-2021-44228, a previously undisclosed zero-day vulnerability.