Blog
Hunting Typo Squatters
Posted May 15, 2023 by Adam Cole ‐ 4 min read
Why HITRUST Part 2
Posted April 26, 2023 by Adam Cole ‐ 3 min read
Securing Customer Images
Here's an overview of how we ensure that only authorized customers can share their code with us and how we tightly control access to these images.
Posted April 5, 2023 by Adam Cole ‐ 3 min read
Why HITRUST, Part 1
This blog series explains the reasons why LifeOmic chose to use HITRUST CSF, which is a widely recognized and comprehensive framework for managing information security risk.
Posted February 16, 2023 by Gretchen Reeves and Adam Cole ‐ 3 min read
LifeOmic Brand Abuse
It has come to our attention that LifeOmic’s name has been used in a sophisticated phishing scheme. The phishing message attempts to convince users that LifeOmic has sent them an invoice and, in order to pay the invoice, you must call the number in the email.
Posted September 23, 2022 by Adam Cole ‐ 2 min read
Template Engine Fingerprinting
When testing web applications you may come across pages that allow you to enter a template and have it rendered to a user. Without access to the code it may be difficult to determine what the underlying template engine is. Here we will compare common JavaScript template engines to determine techniques to tell them apart without access to the underlying rendering code.
Posted June 17, 2022 by Charles Bevan ‐ 4 min read
Hack The Box Cyber Apocalypse
LifeOmic's security team competes in these challenges casually, with a focus on learning and improvement.
Posted May 24, 2022 by Austin Lee ‐ 8 min read
How LifeOmic responded to the log4j critical vulnerability
LifeOmic had limited use of the affected software, none of our use was Internet-accessible, and based on all evidence from our extensive logs, LifeOmic was not compromised by the log4j vulnerability. We were aware of the issue within 12 hours of its public disclosure and had mitigated the small number of internal systems affected within 4 hours. We continue to monitor possible impact from vendors who rely on the affected software. For more information, email security@lifeomic.com.
Posted December 15, 2021 by Bishop Bettini ‐ 3 min read
A Perspective of the Kaseya Incident
LifeOmic was unaffected by the Kaseya breach, but has several techniques in place that would have protected us.
Posted July 21, 2021 by Adam Cole ‐ 3 min read
Helping the PHP Community Strengthen its Security Posture
LifeOmic is committed to open source, so we shared our quick-start guide to signing commits following a breach of the PHP source code repository. LifeOmic was not affected by this breach.
Posted April 2, 2021 by Bishop Bettini ‐ 2 min read