LifeOmic Security

Blog

Hunting Typo Squatters

Posted May 15, 2023 by Adam Cole ‐ 4 min read

Why HITRUST Part 2

Posted April 26, 2023 by Adam Cole ‐ 3 min read

Securing Customer Images

Here's an overview of how we ensure that only authorized customers can share their code with us and how we tightly control access to these images.

Posted April 5, 2023 by Adam Cole ‐ 3 min read

Why HITRUST, Part 1

This blog series explains the reasons why LifeOmic chose to use HITRUST CSF, which is a widely recognized and comprehensive framework for managing information security risk.

Posted February 16, 2023 by Gretchen Reeves and Adam Cole ‐ 3 min read

LifeOmic Brand Abuse

It has come to our attention that LifeOmic’s name has been used in a sophisticated phishing scheme. The phishing message attempts to convince users that LifeOmic has sent them an invoice and, in order to pay the invoice, you must call the number in the email.

Posted September 23, 2022 by Adam Cole ‐ 2 min read

Template Engine Fingerprinting

When testing web applications you may come across pages that allow you to enter a template and have it rendered to a user. Without access to the code it may be difficult to determine what the underlying template engine is. Here we will compare common JavaScript template engines to determine techniques to tell them apart without access to the underlying rendering code.

Posted June 17, 2022 by Charles Bevan ‐ 4 min read

Hack The Box Cyber Apocalypse

LifeOmic's security team competes in these challenges casually, with a focus on learning and improvement.

Posted May 24, 2022 by Austin Lee ‐ 8 min read

How LifeOmic responded to the log4j critical vulnerability

LifeOmic had limited use of the affected software, none of our use was Internet-accessible, and based on all evidence from our extensive logs, LifeOmic was not compromised by the log4j vulnerability. We were aware of the issue within 12 hours of its public disclosure and had mitigated the small number of internal systems affected within 4 hours. We continue to monitor possible impact from vendors who rely on the affected software. For more information, email security@lifeomic.com.

Posted December 15, 2021 by Bishop Bettini ‐ 3 min read

A Perspective of the Kaseya Incident

LifeOmic was unaffected by the Kaseya breach, but has several techniques in place that would have protected us.

Posted July 21, 2021 by Adam Cole ‐ 3 min read

Helping the PHP Community Strengthen its Security Posture

LifeOmic is committed to open source, so we shared our quick-start guide to signing commits following a breach of the PHP source code repository. LifeOmic was not affected by this breach.

Posted April 2, 2021 by Bishop Bettini ‐ 2 min read