July 2020


Secure remote access explained

As the business world adjusts to the chaotic landscape of today’s economy, securing access from remote devices and endpoints has never been more critical. Equally critical is the requirement for organizations and their employees to practice good security hygiene. With the rising number of endpoints (laptops, servers, tablets, smartphones) requiring access to corporate networks, the range of attackable targets for malicious actors has broadened substantially.


What is Corporate Espionage?

The term “espionage” often brings images of double agents and covert undercover missions to mind. This is how espionage is depicted in the movies, but in real life, it can take on many other forms. Businesses may not need to worry about James Bond spying on their company, but they should be concerned about corporate espionage. Corporate espionage, often referred to as industrial espionage, is the practice of spying for financial or commercial gain.


Why is Dynamic Analysis an Important Part of Your AppSec Mix?

By now, most are familiar with the concept of DevSecOps. With DevSecOps, application security (AppSec) is moved to the beginning of the software development lifecycle (SDLC). By scanning earlier in the SDLC, you are able to find and fix flaws earlier. This can result in significant time and cost savings. Most organizations understand the importance of static analysis, which scans for flaws during development, but dynamic application security testing (DAST) is just as important.


The ISO 9000 Family As It Relates To Operations

In a world where customers gravitate towards the best products and services, upholding high levels of quality as a business is a no-brainer. Being quality-centric in all your business processes ensures you can steer away from common errors. It can also improve your overall productivity as well as your customer retention rates. While there are various standards you can follow to improve the quality of your daily operations, the ISO 9000 standard remains one of the best. Even better, it is recognized globally, which could make it easier to do business the world over. The ISO 9000 family consists of five standards.


Finding problems that matter

See their previous blog for more! Towards the end of the 19th century, large cities like New York were facing a vexing problem so devastating that many questioned whether such cities could be sustained at all. People could no longer cross the street without assistance, stumbling was a common problem, disease was spreading, and even those issues had nothing on the horrendous stench emanating from every corner. We are talking, of course, about horse manure.


FBI Releases Flash Alert on Netwalker Ransomware

The Federal Bureau of Investigation (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware. On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations, along with entities operating in the healthcare and education sectors.


Cybersecurity Baseline for IoT Device Manufacturers

The pervasive impact of Internet of Things (IoT) devices on our lives is greater than that of traditional IT devices. There are several unknowns in IoT security, and it raises concerns for customers who are looking to incorporate IoT devices in their existing infrastructure. Fortunately, security by design can resolve some of the major root causes of the underlying vulnerabilities in these connected devices.

Downtime Should Never Be Unplanned

After the onset of Covid-19, organizations pivoted quickly from a fixed, traditional kind of infrastructure to a virtual, distributed one to support remote workers and enable social distancing. The nature of stop-gap responses to this crisis opens your organization up to more risk, less resiliency and redundancy. How are you going to make sure your flexible architecture and dispersed teams can deal with penetrations, loss of connectivity and other outages? Now, more than ever, comprehensive governance across all of your infrastructure—in both IT and OT networks—is essential.

Can AI Predict Workplace Violence?

In June 2020, a knife attack at a kindergarten in China injured 39 people, many of them children. The perpetrator was a security guard at the school. This was an insider attack and a horrific act that happens far too often across the world. While the majority of the cybersecurity industry is focused on securing data, the growing convergence of digital and physical security remains unhinged.


Announcing Veracode Security Labs Community Edition

We recently partnered with Enterprise Strategy Group (ESG) to survey software development and security professionals about modern application development and how applications are tested for security. The soon-to-be-announced survey found that 53% of organizations provide security training for developers less than once a year, which is woefully inadequate for the rapid pace of change in software development.


Dynamic Application Security Testing: DAST Basics

Application security testing (AST), which refers to tools that automate the testing, analyzing, and reporting of security vulnerabilities, is an indispensable part of software development. In a modern DevOps framework where security is shifted left, AST should be thought of as compulsory. And this has never been more important when you consider that Forrester reports the most common external attack method continues to be application weaknesses and software vulnerabilities.


Suspicious Activity Monitoring: Reducing the strain of false positives in real-time

The COVID-19 pandemic has enabled contactless payment volumes to increase faster than previously projected. According to Juniper Research, contactless payments will triple to $6 trillion worldwide by 2024, up from about $2 trillion in 2020, as the number of mobile wallet transactions increases and banks expand the use of contactless cards.


Effective Threat Intelligence Through Vulnerability Analysis

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and complexity of the associated exploit or attack.


Social Engineering: Hacking Brains...It's Easier than Hacking Computers

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. A set of speakers outside the booth broadcasts the sound of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring tone, and moments later, the other end picks up. “Hello… IT department.


Sy4 Security's Keven Knight on Building a SOC Amid a Pandemic (Video)

It is impossible for the timing of Sy4 Security’s launch to be lost on Keven Knight, COO of the U.K.-based MSSP. Sy4, which spun out of BAE Systems’ commercial managed security business, not only emerged during a global pandemic (which included the construction of a new security operations center), but also had to ensure it never lost sight of new customer risks fueled by the COVID-19 crisis.


What is ICMP?

As a supporting protocol in the Internet protocol suite, ICMP is often used by network devices to send error messages and similar information. In order to maintain the security and safety of networks, maintaining successful communication between devices is essential. That is why protocols like ICMP are so important and widely used today. In this article, we will discuss what ICMP is and why you need it.


GKE Networking Best Practices for Security and Operation

This is part two of our four-part GKE security blog series. Don’t forget to check out our previous blog post that covers security best practices for designing your GKE clusters. Securing your GKE cluster’s network traffic and access is crucial for the entire cluster’s security and operation. Follow the below recommendations and best practices to protect your Kubernetes network on GKE.


Phishers Using Fake SharePoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from the collaborative platform SharePoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from SharePoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as SharePoint. They also didn’t address the email to a single employee but included multiple mentions of the targeted company.


How Cloud Mitigation Techniques Can Help Prevent Ransomware and Phishing Attacks

The COVID-19 pandemic revealed flaws in the American healthcare system that were always there. The only difference now is that those flaws have been brought to light. In the wake of the pandemic, a new host of cyberattacks occurred within the healthcare sector. Malicious hackers aimed to take advantage of the crisis with a combination of misinformation campaigns and ransomware.

outpost 24

Fix now: High risk vulnerabilities at large, July 2020 part 3

In the world of CVEs, we have seen a few interesting ones released in the last couple of weeks since our last risk based vulnerability management blog, including the recent big news SIGRed. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.


How to Comply with the Sarbanes-Oxley (SOX) Act

Compliance with the Sarbanes-Oxley Act of 2002 is a legally mandated must for all U.S. public companies and some other entities, as well. But meeting the requirements of this important law can be incredibly difficult. Preparing for a SOX compliance audit requires so much work that companies often designate entire teams full-time to the task. The law is that complex.


New Redscan FOI report reveals the state of cyber security across UK universities

In March 2020, Redscan sent Freedom of Information (FOI) requests to 134 universities across the UK. The aim was to understand more about the frequency of data breaches in the sector and some of the steps institutions are taking to prevent them. The focus on universities was due to the integral role these organisations play in conducting world-changing research and shaping the skills and knowledge of the workforce. The results of the FOI request are available to download in a short report.


The Economics of Network & Security Transformation - Part 3

A framework and strategy review for managing network & security transformation is much needed. Every CIO, CISO, and CTO today will be assessing their ongoing costs to run and operate a secure network and security programme for 2021 and beyond. In parts 1 & 2 of this three-part series, I explained what numbers should feed these calculations and measurements and how performance, flexibility, and scalability are all key to this transformation.


How Escalating Privileges Can Shake your Enterprise Security

Privileged access rights are the gateway to critical systems and data. Providing users with elevated privileges is a standard practice, as employees sometimes need access to sensitive data to perform their jobs. At the same time, there’s always a risk of privilege misuse with the aim of industrial espionage or cyberattacks.


Do you trust your cache? - Web Cache Poisoning explained

As we are all currently confined to a life at home during the pandemic, it has become more important than ever that our favorite web applications stay fast and reliable. Many modern web applications use web caches to keep up with these demands. While this works wonders from a performance perspective, it also opens up new attack vectors. One of these new attack vectors is called Web Cache Poisoning.


Financial Institutions Facing Increased Threats Post COVID-19 Lockdown

The finance industry has long been the ideal target for dangerous cyber criminals, holding a treasure trove of sensitive information and financial credentials of innocent victims, but in the wake of the post COVID-19 lockdown period, researchers have found that these institutions are seeing a marked spike in cyberattacks.


Unified cloud-native authorization: Policy everywhere and for everyone

When we started Styra, we set out to rethink authorization and policy for the cloud-native environment. We knew that new risks and challenges would emerge as companies embraced the cloud and began using a whole new host of technologies and architectures for building applications. The constant changes and dynamic runtime of the cloud-native environment complicated matters even more.


Using Good Cyber Practices to Frame your Personal Cyber Narrative

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had already made investments in how and where we wanted to work in our personal space. So much of what we do daily in our personal ecosphere requires authentication.


Quantitative Risk Analysis: Annual Loss Expectancy

Risk assessment is an essential component of risk management. It enables you to determine potential hazards that may negatively affect specific projects or result from certain decisions. This article explains how to calculate your cybersecurity risk using the concept of annual loss expectancy. There are two types of risk analysis, quantitative and qualitative, and both forms are valuable tools in risk management.


In the Blink of AI - How Artificial Intelligence is Changing the Way Enterprises Protect Sensitive Data in Images

You have probably heard of how AI technology is used to recognize cats, dogs and humans in images, a task known as image classification. The same technology that identifies a cat or dog can also identify sensitive data (such as identification cards and medical records) in images traversing your corporate network.


Exploiting the Pandemic: Cyber Security Breaches in 2020

The world has seen more unprecedented events in the first six months of 2020 than some see in a lifetime. From a pandemic threatening the health and lives of people worldwide and triggering unprecedented social isolation to recent devastating events catalyzing global civil unrest, this year almost feels apocalyptic. As always, in times of disruption and uncertainty, vulnerabilities are exposed, and opportunities are opened for the selfish few to capitalize on others’ misfortune.


Why Pivoting in a Crisis May Actually Energize Secure DevOps

Digital transformation has been around for about as long as the internet has been a household staple. Only in recent years, however, have we seen an accelerated push to digitalize pretty much everything. Until now, the driving force has been the market. Competitors with a range of new offerings are using technology, not just to automate, but to completely change the way things are done.

Tips for Unifying the Security Professional and Developer Roles

Watch our video "Tips for Unifying the Security Professional and Developer Roles" to hear from Veracode’s Chief Technical Officer Chris Wysopal and Chief Product Officer Ian McLeod on how the security and development roles became misaligned, and how organizations can tackle the problem head-on.

What is Stateful Packet Inspection?

Stateful packet inspection, also known as dynamic packet filtering, aims to provide an additional layer of network security. In business environments, we use network technologies very often. They allow us to share resources and files, set communication protocols and so on. As much as they streamline and accelerate our business processes, they can also pose a serious vulnerability for our cyber security.


Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion

The fifth installment in our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – covers Defense Evasion, a grouping of techniques focused on concealing adversary actions intended to avoid detection. This includes tactics such as deleting evidence of an attacker’s presence or obfuscating how access to a resource was gained.


Google Chrome Aims to Keep its Edge Over Other Browsers with its Latest Privacy and Security Features

Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security features to lock in more users. The coronavirus pandemic has brought extensive changes to the way people operate, which in turn, has created a need for securing remote workforces.

Design and Implementation of OEM ICS Cybersecurity Frameworks

It can be difficult to develop and refine cybersecurity initiatives when you face numerous obstacles like legacy systems, architectural changes and much more. Explore how you can effectively establish your security objectives and what you need to meet them with Tripwire's Robert Landavazo and Mike Zavislak from Baker Hughes in this excerpt from the SANS Oil and Gas Solutions Forum.

Five reasons to consider outsourcing your organisation's cyber security

This issue has been compounded in recent months due to the impact of COVID-19 on IT and security spending. Research by Gartner suggests that worldwide expenditure on information security and risk management technology and services is due to increase by only 2.4% in 2020 – significantly less than the 8.7% growth originally anticipated. To be effective, cyber security requires not only technology but the skilled security experts and threat intelligence to leverage it.


Week Six Featuring Research From Forrester: Are These Industries Undermining Their Security Posture?

Everyone knows application weaknesses and software vulnerabilities continue to be the most common avenue for exploit. And this recent Forrester report, The State Of Application Security, 2020, confirms it. These independent findings indicate, as organizations shift more workflows and resources to the Cloud, cybercriminals appear to be doubling down on their attack methods.


WarXing in Cyber Security

Warcarting, war dialing, wartoothing, wardriving, wartransit… Also known as NetStumbling or WILDing, WarXing is a search for Wi-Fi networks. In our hyper-connected world, an active and stable internet connection is akin to oxygen. Our smartphones, tablets, computers and even smart watches need an internet connection to fulfil the entirety of their functions.


Malware Detection: Protecting your reputation and financial bottom line one transaction at a time

While major, multi-million dollar man-in-the-middle attacks have remained under the radar in recent months, spear phishing and social engineering attacks are on the rise as fraudsters continue to take advantage of the uncertainty surrounding COVID-19.


Politician Amongst Those Who Had Their Direct Messages Accessed During Twitter Hack

More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam. Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site’s internal support team.

Lifting The Veil Of The Dark Web

See How Companies Arm Themselves With The Right Tools To Protect Against Threats From The Dark Web. We've all seen what's possible with the Dark Web thanks to Silk Road. If you're interested in buying or selling someone's personal data, such as credit card or social security information, it’s disturbingly easy to do. All you need is a computer and the Tor Browser, and it's all completely anonymous.

Introducing Pizzly - the OAuth Integration Proxy

At Bearer, the whole team is focused on helping developers that rely on third-party APIs. In 2019, our engineers developed a solution that eased the integration with any API that uses OAuth as the authentication method. By handling both the authentication strategy (with refresh tokens) as well as proxying the request, it saved hours of engineering time when working with API integrations.


Everything You Wanted to Know About Open Source Attribution Reports

Open source components are a major part of the software products we create and use. Along with the many advantages that using open source projects brings to software development organizations, it also comes with obligations and added responsibilities. One of these requirements is open source licensing compliance.


Bridging the Gap Between Designers and Developers

Designing software is tough. Whether you’re a designer, a product manager, or an engineer, we all play a major role in what the end user gets their hands on. Perhaps one of the most critical pieces on the journey to making great software is the relationship between designers and developers. When software is done right, it’s easy, intuitive, and a joy to use. This is no accident - it’s very intentional and it often takes countless iterations to get products to look and feel great.

outpost 24

Attack surface analysis explained: The 7 deadly vectors for web application attacks

Modern web applications are complex; they are often made up of many layers where potential flaws can appear, making them hard to secure. That’s why it’s important to understand the key attack vectors hackers use to spot entry points, map your attack surface during reconnaissance, and work back from there to protect your web application footprint.


Selecting the Best SOAR Solution Series: What's in a Name? (Part 1)

Security orchestration, automation and response, commonly known as SOAR, is one of the most talked about technologies in cybersecurity these days – and with good reason. The right SOAR platform, coupled with good implementation, can go a long way in helping security teams reduce alert overload, orchestrate the multitude of tools in use, and build automated, repeatable processes that slash response times and ultimately allow security pros to focus their time on higher-value work.


OneDrive for Business: Getting Administrator's Access to User's Files and Folders

OneDrive for Business is a secure cloud-based solution for convenient telecommuting, remote access and private file sharing. Indeed, files stored on OneDrive are private by default: Users control access to the files they upload, so they can be seen by other employees only if they have been shared by the OneDrive owner. Even users with Global Administrator access cannot access files unless the OneDrive account holder has granted them the appropriate permissions.


Leaky Helpdesk - Accidental Exposure of Zendesk Attachments

Does your helpdesk publicly expose the files you upload to it? Is there malware lurking in your helpdesk? In this latest edition of our leaky cloud app series, we uncover publicly accessible data in the Zendesk instances belonging to more than 350 organizations. This exposed data includes confidential information, malware, and even some COVID-19 themed Trojans.


Tips for Running an Effective Virtual Offsite

Offsites are a big part of remote teams. They allow everyone to socialize, connect more deeply with coworkers, and help build shared experiences and empathy. Even if video calls are a great tool to share information, they can be tiring. It's too easy to miss non-verbal cues. Chance encounters over coffee never happen, and we don’t always experience the same personal connections that come from small-talk.


Security best practices for your Heroku app

When it comes to hosting your apps on Heroku, it’s important to consider security. As a Platform-as-a-service (PaaS) provider, Heroku handles many things for you, but it’s important to understand what is done for you on the security front, and what isn’t. There’s a reason that there are security add-ons like Sqreen in the Heroku marketplace after all! In this post, we’re going to be talking about securing applications on Heroku.


The Cyber Risks of Remote Workers Returning to the Office

The COVID-19 pandemic has created a huge list of challenges for businesses. One that is potentially going unnoticed or under-reported is cybersecurity. Specifically, as lockdown ends and as individuals return to offices and places of work, it may be the case that something malicious is already waiting for them on their devices. Here we take a look at the cyber risks of remote workers returning to the office.


System Administrator Salary: How Much Can You Earn?

Many system administrators are concerned that they are not paid fairly, especially considering the high workload and long hours. In fact, the recruiting website Indeed.com reports that 43% of system administrators think their salary is not enough for the cost of living in their area. How does your location measure up? To save you from having to browse tons of job openings and analyze current trends to answer that question, we’ve done the research for you.


The Days of the "Security Stack" are Over, Long Live SASE

Words are sticky and persistent. We’ve seen brand names, such as Kleenex or Post-it, become synonymous with their marquee products. This same phenomenon is why we continue to refer to movies as “films” even though they’re produced digitally. Today, we’re seeing this at play with the words we use to describe our IT and security systems.


Change and Configuration Management Best Practices Guide

Systems are constantly changing. Change and configuration management best practices allow organizations to keep track of configuration changes in a way that allows for rapid feature updates without any service outages, but many organizations struggle to find the ideal formula to make this process successful. So, what are the best practices in change and configuration management?


The top 5 SOC 2 compliance traps companies fall into

Today, information technology companies are really concerned with the protection of their data. And rightfully so! Data protection is important, as mishandled data can make your company vulnerable to breaches. Therefore, to mitigate risk and remain competitive, all companies need to ensure that their data is handled in a secure way. The best solution is to make sure your company complies with a widely agreed upon set of rules or principles.

Benefits of SOC-as-a-Service

Companies of all sizes need to improve their incident detection and response capabilities. Cybersecurity, however, is hard work. Resource constraints, including not having enough skilled staff, funding or time, combined with an ever-increasing number of threats and compliance requirements, are leaving businesses at a disadvantage and causing team burnout. SOC-as-a-Service exists to help companies of all sizes extend both their team and their cybersecurity protections.

Understanding the Benefits of the Capability Maturity Model Integration (CMMI)

Many organizations have Information Security Programs (ISPs), but many executives and boards do not know how to measure progress within these programs. They are therefore hesitant to believe any investment in technology will mitigate perceived or even unknown risks. Some organizations use regulated compliance standards such as PCI DSS or AICPA attestations as measures of their ISP.


Trading Cookies for U.S. Federal Data Privacy Regulations

The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it’s safe to assume that the California Consumer Privacy Act (CCPA) was modeled on the EU’s data privacy framework.


What Is the Personal Data Protection Bill 2019?

The Personal Data Protection Bill 2019 (PDP Bill 2019) was introduced to the Lok Sabha by Ravi Shankar Prasad, the Minister of Electronics and Information Technology, on December 11, 2019. This comes after more than two years of debate about the bill's provisions. As of March 2020, the bill is being analyzed by a Joint Parliamentary Committee (JPC) in consultation with industry experts and stakeholders.


Wandera protects Microsoft 365 without device management

Traditionally, securing a mobile endpoint has required a device manager. Device management gives IT administrators the control to manage and secure devices, but it isn’t always appropriate. Many organizations have BYOD policies, with employees using their personal devices for work purposes. In fact, even in 77% of organizations without a BYOD policy, employees still use their own devices.


StackRox Selected as CRN Emerging Vendor - it's Déjà Vu All Over Again

What’s better than being named a Computer Reseller News Emerging Vendor? Winning that designation two years running! We’re thrilled to be included amongst these elite technical innovators. The advantages of our unique Kubernetes-native approach to securing today’s modern apps are earning us kudos across customers (see online reviews on Gartner Peer Insights and G2), cloud partners, resellers, and industry watchers.


Introducing the Egnyte Content Services Platform

Today, we are excited to be launching the Egnyte Content Services Platform, the evolution of our industry-leading content collaboration and data governance technologies, to help organizations address the issues they face and allow for effective deployment of secure content services. The Platform is a major step forward in the progression of how companies create, use, transact, and manage their critical data.


Top 5 Cybersecurity Risks with Cloud Migration

The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either.


Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation

Part four of our nine-part blog series on the various Kubernetes threat vectors and tactics covers Privilege Escalation, which encompasses techniques that enable an attacker to gain additional privileges that can be used to take more actions within the cluster and/or grant access to a wider scope of resources. These techniques include accessing or running a privileged container, taking advantage of roles with broad administrative privileges, and gaining access to cloud resources.

outpost 24

Fix now: High risk vulnerabilities at large, July 2020 part 2

In the world of CVEs, we have seen a few interesting ones released in the last couple of weeks since our last risk based vulnerability management blog, including the recent big news items affecting F5 BIGIP and Pan-OS. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.


The importance of cyber training for remote workers

Working remotely has its own personal challenges in terms of productivity: between the cat walking across your keyboard and the kids dropping in on your Zoom meetings, workers across the globe have had to adjust to doing their job in a different way. Organisations also had to swiftly transition to employees working remotely, and this has introduced a new set of risks from a cyber security perspective.


5 Steps to Digitizing Your Workspace

Picture your workspace at the office from ten, five, or even two years ago—what has changed? Your computer likely occupies less space than it did in the past. Your office phone, which was once wired to the corner of your desk, now sits comfortably in your pocket. And you are probably working at home exclusively, or at least most of the time.


Ditch the Checklist: Why Automation is the Key to Content Compliance

Compliance frameworks provide guidelines for effective and secure operations for content management across a company’s various repositories. They’re written as a set of controls, each of which corresponds to different settings and policies that an organization must follow in order to ensure the safety of its data.


3 Steps to better cybersecurity in touchless business solutions (Part 3 of 3)

This blog was written by an independent guest blogger. In Part 1 and Part 2 of this series, we covered the first two steps to better cybersecurity in touchless business solutions, which are to practice extra caution in cashless payment solutions and to heighten cybersecurity and data protection protocols. We conclude this series by discussing the third step to improve cybersecurity for touchless systems, which is to automate wherever possible through innovative technologies.


Vulnerability scanning explained

This blog was written by a third party author. Vulnerability scanning is the process of detecting and classifying potential points of exploitation in network devices, computer systems, and applications. This is done by inspecting the same attack areas used by both internal and external threat actors—such as firewalls, applications, and services that are deployed either internally or externally—to gain unauthorized access to an organization’s network and assets.


The Twitter mega-hack. What you need to know

What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye West and was distributed to his almost 30 million followers.


Introducing Gartner's Tips for Selecting the Right Tools for Your Security Operations Center

The security operations center (SOC) is a complex place. For one, attaining efficiency is critical, considering time and effort are of the essence in an environment too often reliant on manual and inconsistent processes while continuously pummeled by alerts. But don’t try to set a performance benchmark against others, as there is no one-size-fits-all recipe for SOC success, with every organization facing a different risk profile, no matter how similar in size and vertical you may be to another.


What are the COSO Control Objectives?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework goes back to the year 1992. The industry was looking for an internal control framework, and the COSO Internal Control Framework was the answer. There are three COSO compliance disciplines, five internal control components, and 17 principles focused on internal controls.


How to Protect PII

A wide range of privacy regulations govern how organizations collect, store and use personally identifiable information (PII). In general, companies need to ensure data confidentiality, avoid data breaches and leaks, and make sure data is not destroyed or altered in unauthorized ways. The consequences of lost or leaked PII data are significant. Of course, the individuals involved can be harmed by the resulting identity theft and associated costs.


Web application penetration testing: maximising value through effective scoping

This blog from senior security consultant Jed Kafetz runs through the key information Redscan requires to scope, plan and price a web application penetration test to ensure it delivers the best outcomes and value for money. When reaching out to us for a quotation, providing the most complete and accurate information possible will not only guarantee a quick turnaround time, but will also ensure that we are not under or over scoping the engagement.


Interactive Application Security Testing: IAST Basics

Because applications and software vulnerabilities are the most common external point of attack, securing applications is a top priority for most organizations. An essential component for reducing this risk is application security testing (AST). In this blog, we focus on interactive application security testing (IAST), the relative newcomer in the AST market.


10 Steps to Prevent Man in the Middle Attacks

Gaining more popularity among hackers, man in the middle attacks aim to exploit the real-time transfer of data. Keep reading to learn more! When attacking an organization, hackers are focused on being swift and stealthy. In order to successfully infiltrate, steal sensitive information or hurt an organization in various other ways, hackers must be able to stay under the radar for a while.


Teleport Demo Video - Modern SSH

We recently launched Teleport 4.3 and received an overwhelming response from newer members of the community. They have requested that we go back and explain from the start what Teleport is and why it is better than using the built-in SSH machinery that comes with every Linux or BSD distribution. Teleport is an open source Linux server that allows you to easily implement SSH best practices. We have covered SSH best practices using OpenSSH on our blog before.


Top 5 Risks that Can Compromise Your Life Sciences Data

The goal of every life sciences company is to improve the lives of patients by getting their product to market. To do so often requires successfully completing a clinical trial. It goes without saying, however, that keeping the resulting data secure and compliant is paramount. Restricting access to only those that need it is an essential first step, but there is much more that needs to be done.


AlienApps Roundup - Box, Cloudflare, Palo Alto Networks, Salesforce, ServiceNow, Zscaler, Checkpoint

Having a detection and response strategy and tools has long been a leading indicator of a mature, well-funded security organization. The cost of tools, and expertise required to operate them, has long created an uneven playing field in the security industry. Here at AT&T Cybersecurity, we believe that security, specifically detection and response, is something that should be available to every business, independent of size or the number of security experts working there.


More Than a Tenth of Ransomware Attacks Now Involve Data Theft

Research into recent ransomware submissions revealed that more than a tenth of crypto-malware infections now involve some element of data theft. In the second quarter of 2020, ID Ransomware received 100,001 submissions of crypto-malware pertaining to attacks that had targeted organizations and government entities. Of those attacks, 11,642 involved the theft of victim data by their perpetrators. That’s over 11% of the attacks for that six-month period.


Making API Requests with Python

Python is in the midst of a resurgence. It never went away, but usage now grows like never before. With machine learning developers and data scientists relying on Python, much of the web development ecosystem around the language continues to grow. One aspect that affects all three of these specializations is the powerful benefits of APIs. Pulling in data, and connecting to external services, is an essential part of any language.


Details of 142 Million MGM Hotel Guests Found on the Dark Web

The 2019 data breach at luxury hotel chain MGM Resorts appears to be much larger than originally reported after researchers recently found 142 million hotel guests’ personal details for sale on the dark web. Last summer’s data breach was initially reported to impact 10.6 million hotel guests after hackers were able to gain unauthorized access to a cloud server.


Everything You Need to Know About OAuth (2.0)

The modern human likely has profiles on dozens of applications. Whether it’s social media applications, music/video streaming, or workspace resources, each of us must manage accounts that contain personal information. Over time, these siloed applications have become increasingly connected. Twitter allows news sites to directly tweet, Discord searches Facebook for suggested friends, and Jira creates user accounts using Github profiles.


Smart Cache: Where Infrastructure Meets Content Intelligence at the Edge

Businesses have long relied on Egnyte’s hybrid technology for low-latency access to large files in bandwidth-constrained environments, and to ensure business continuity during internet outages. By syncing cloud content to a local storage device, hybrid architecture enables caching close to the user, which offers major benefits for customers who need cloud-scale connectivity with on-prem performance.


DDoS attack prevention and protection explained

This blog was written by a third party author. Distributed denial of service (DDoS) attacks stand as some of the most disruptive and costly cyberattacks that organizations face on a regular basis. Cyber criminals use DDoS attacks to make websites and other online services unavailable for legitimate use.


The damaging impact data breaches have on American society as a whole

This blog was written by an independent guest blogger. In the age of the internet where everyone has a mobile phone and multiple social media profiles, one phrase has become synonymous with doom and dread - data breach. It seems like these breaches have become a regular occurrence in modern society. Small businesses may be particularly susceptible to security hacks, but even large corporations are not immune.


6 Cloud Security Threats Healthcare Companies May Face - With Solutions

For healthcare organizations that handle a lot of patient data, including very sensitive information, cloud computing is a revolution to data storage. Cloud computing in healthcare lowers data storage costs (compared to the old paper-storage era), enables easy retrieval of patient data and also improves the privacy of patient information. This has inevitably led to a rise in the adoption of cloud computing in healthcare.


6 Benefits of Internal Auditing

If you want confidence that your organization is meeting its core business goals, you need internal audits. If you want to save your organization time and money and keep everything running like a well-oiled machine, internal audits will help you get there. If you want to protect your enterprise against fraud and prevent fraudulent practices, internal audits are key.


Are Quality and Security Synonymous in Software?

Defining quality within software is a work in progress. It’s also a process of evolution, particularly in the way the notion of quality relates to security. The two are inextricably linked—and yet, the relationship is not always clear. Can we assume quality software is always secure? Does secure software automatically check the boxes for quality? When we discuss quality and security in software development, are we talking about the same thing?


What Does it Take to be a Rockstar Developer?

If there’s one thing you need to value as you move through your career as a modern software developer, it’s the importance of security. With application layers increasing and the shift-left movement bringing security into the picture earlier in the development process, security should be top of mind for every developer working to write and compile successful code.


Protecting Against Kubernetes Threats: Chapter 3 - Persistence

This is part three of a nine-part blog series where we examine each of the nine Kubernetes threat vectors across 40 attack techniques and provide actionable advice to mitigate these threats. Don’t forget to check out parts one and two. The third tactic in the Kubernetes attack matrix is Persistence.


Teaching kids skills to catch hackers and fix security risks at Cyber Discover

We are now living in an era where kids are growing up with the internet every day. Those of us who are older learned how to be more skeptical of technology, but our children largely aren’t growing up with this same level of skepticism. Today, over 60% of children are using the internet for over forty hours a week. Many of these children are taking cybersecurity for granted because they simply aren’t aware of many of the digital security risks that come with online use.


5 Risks You Need to Remember When Securing Your Containers

Containers are on the rise. As reported by GlobalNewswire, Allied Market Research estimated that the application market would grow from its 2016 value of $698 million to $8.20 by 2025. With a compound annual growth rate of 31.8% between 2018 and 2025, this increase would largely reflect both the surge in popularity in application container technology along with a growing number of organizations’ migration to the cloud.


A Modern SOC Meets a Modern SIEM

If you’re responsible for cybersecurity at your company, you know that threats to your organization’s network and data have consistently increased. This has been happening at a point in time when your financial and staffing resources are staying flat (or going in the opposite direction). What does that all add up to mean? It means that regardless of the amount of resources you have to work with, you can’t afford to ease up on your cybersecurity protections.


How to Cyber Security: Fuzz a tank

Defensics is a generational fuzzer, which means it creates test cases based on a detailed model of the input data. The result: test cases that are very realistic but messed up in some way. This technique is highly effective in burrowing into different control paths in the target and revealing vulnerabilities. Subjectively speaking, the test cases have high quality. The disadvantage of generational fuzzing is that somebody has to create the data model for the inputs you are fuzzing.


Detectify security updates for 13 July

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.


Quality Conundrum: Relying on QA Tools Alone Increases Risk

Quality assurance, or QA, is one of the go-to solutions for organizations looking to enhance their application security (AppSec). But on its own, it doesn’t provide enough coverage and can give your team a false sense of security that comes back to haunt you during audits, or worse: after a breach. QA tools are only the tip of the iceberg when it comes to flagging and remediating flaws that leave your applications vulnerable to attacks.


Understand the Past to Shape the Future of AppSec

It can sometimes feel like development and security teams are working toward two separate goals. Both developers and security professionals are supposed to be working toward timely, secure releases, but in reality, developers tend to prioritize speed and function, and security professionals prioritize security measures. How can you unify the teams and focus them on shared goals? A little history can help.


New Forrester Report: Build a Developer Security Champions Program

We know firsthand how critical it is for developers and security professionals to have a great working relationship. That extends beyond simply communicating well; for your DevSecOps program to come together so that you can secure your applications, you need to break down silos and improve security knowledge across the board.


Transform IT With File-sharing Services For the Future

As more and more businesses were forced to move to the cloud with the COVID-19 crisis, content and data have proliferated across devices, users, apps, and locations as a result of the new, mass work-from-anywhere reality. This has brought a growing set of challenges in preventing data silos and content sprawl while remaining compliant with data regulations and governance.


VPNs: What Do They Do, and What Don't They Do?

Virtual Private Networks, or VPNs, are not exactly a new technology. When I started my career in IT about 15 years ago, VPN tunnels were the standard way we connected remote offices by extending private networks over the public Internet. Recently, as workforces continue to decentralize due to the rise of Cloud Computing as well as the current pandemic, VPN has become an even hotter topic and is being marketed as a critical security solution.

Creating a Scalable and Repeatable Threat Hunting Program with Carbon Black and Siemplify

According to SANS, 82% of all SOCs are investing in advanced Threat Hunting programs, but that is no simple task. Many organizations struggle with incorporating threat hunting into their security operations efforts due to a lack of expertise. Creating an effective threat hunting program requires a combination of the right tools and the right processes. The combination of flexibility and automation opens up the ability for anyone in the security operations center to perform threat hunting at scale.

Intelligence Driven Threat Hunting with SOAR

Most security teams face the same challenges when it comes to their ability to be proactive: skills shortages, lack of visibility into weaknesses and the incapacity of internal resources to detect and eliminate threats. Cyberint’s new solution uncovers existing compromises, malicious activity, persistence, and residuals from past breaches with an intelligence-driven approach to hunt down threats. When managed threat hunting is combined with the power of security orchestration, automation and response (SOAR), organizations can obtain critical context about attacks in real time, streamlining the response process.

How managed threat hunting helps businesses be proactive about their security.
Why it’s critical to onboard a managed threat hunting service at a time when global challenges like COVID-19 create business disruption and change organizations’ digital environments for months or years to come.
The types of threats that can be discovered during a threat hunt, from active attacks to the remnants of past intrusions.
How leveraging SOAR technology can help automate hunts and better manage security incidents, from identification to remediation, through custom playbooks.

Presented by Adi Perez, VP Technology, CyberInt, and Nimmy Reichenberg, Chief Marketing Officer, Siemplify.

Lnkr Makes a Comeback - This Ad's For Us

Previously, Netskope Threat Labs published a blog post about a Lnkr ad injector campaign launched using Google Chrome extensions. As Figure 1 illustrates, the number of Lnkr infections spiked dramatically in November 2019 and again in the spring of 2020, when Brian Krebs uncovered information about the source of the infected Chrome extensions.


How to Prevent Industrial Espionage

Every organization needs to keep tabs on other players in the industry in order to stay competitive. It’s common for an organization to analyze a competitor’s website, perform secret shopping trips, and monitor a competitor’s marketing strategies. This type of competitive research is perfectly legal. But if an organization unlawfully obtains another company’s sensitive information, it is considered industrial espionage, which is illegal.


What is Adaptive Threat Protection?

According to McAfee, Adaptive Threat Protection (ATP) is an optional endpoint security module that analyzes organizational content and decides on an action based on file rules, reputation, and reputation thresholds. According to another source, ATP is a security model that monitors threats, adapts as cybersecurity risks change, and evolves to meet the need for security systems that are integrated with IT for continuous deployment, as well as in hybrid environments and the virtual cloud.


Stories from the SOC - Credential Dumping

During the investigation of a Suspicious Security Critical Event alarm, we discovered credentials had been dumped from the NTDS.dit, which is a database that stores Active Directory data, including password hashes for all users in the domain. By extracting these hashes, it’s possible for an attacker to use tools to gain access to users’ passwords, which allows them to act as any user on the domain, including the administrator.


Cosmic Lynx: The Highly-Professional Cybercrime Gang Scamming Businesses Out of Millions of Dollars

Things just got serious. Business Email Compromise is no longer solely the province of chancers and opportunistic Nigerian actors such as the Yahoo Boys. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it. Security researchers at Agari have published a report detailing their investigations into a Russian cybercrime gang they say have stolen millions of dollars from companies in 46 countries since mid-2019.


PCI Audit Interview Questions

The Payment Card Industry Data Security Standards (PCI DSS) defines the framework for protecting cardholder data. The framework was developed by the Payment Card Industry Security Standards Council (PCI SSC) and enables organizations to assess how well they are protecting cardholder data, training staff, and conducting PCI DSS audits. PCI compliance and accepting credit cards go hand in hand.


The growing importance of endpoint security monitoring

Indeed, with millions of employees now working from remote locations and new services being rolled out to support them, the traditional security perimeter has vanished before our eyes. This has created a significant challenge for the security teams tasked with defending their organisations against threats – a challenge made even harder when the tactics and techniques of cybercriminals are constantly evolving.


Top 5 security topics to consider when releasing your first mobile app

When you’re running a business, it’s important for you to have a great reach to the people using your services. The internet is the easiest way to reach your customers. When the internet era began, people started using web applications as a way to reach a larger audience. And that worked like a charm! Then with the advent of smartphones, people started using mobile applications in addition to web applications.


Introducing Teleport 4.3 - Modern Replacement for OpenSSH

We’re excited to announce the release of Teleport 4.3 - new UI, API driven, expanded audit capabilities, and still open source. This version is so significant, we nearly called it 5.0! In this post, we’ll cover the major new features and you’ll see why we called it ‘Teleport’.


Types of DDoS attacks explained

Distributed denial of service (DDoS) is a broad class of cyberattack that disrupts online services and resources by overwhelming them with traffic. This renders the targeted online service unusable for the duration of the DDoS attack. The hallmark of DDoS attacks is the distributed nature of the malicious traffic, which typically originates from a botnet—a criminally-controlled network of compromised machines spread around the globe.


Zero Trust security model explained: what is Zero Trust?

This blog was written by a third party author. Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone—including users, devices, endpoints—must be properly verified before access to the network is allowed.


I Have Antivirus; I'm Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”. Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button is. However, “Power Button Locator” is just one of my jobs. Windows won’t boot up?


7 Best Practices for Banking and Financial Cybersecurity Compliance

Data is money and power. And the more valuable the data, the greater the power it provides. This is why financial institutions such as banks, loan services, investment and credit unions, and brokerage firms have always been targeted by cybercriminals. Unfortunately, the financial sector was the industry that suffered the second most data breaches in 2019, surpassed only by the healthcare industry.


Common security misconfigurations and remediations

A misconfiguration is exactly what it sounds like: something that is wrongly configured. From a security perspective this can be either fairly harmless or, in the worst case, devastating. We have written about misconfigurations before, both here and here. Misconfigurations may arise for many different reasons, such as:
Hackers often exploit misconfigurations, since they can have a huge security impact.


Scammers take advantage of Clorox buying frenzy

While the world adjusts to COVID-19 and its deadly spread, malicious actors are mobilizing, attempting to capitalize on the collective attention that is currently focused on the virus. We recently analyzed traffic going to websites related to the Coronavirus, such as the online resources operated by the CDC and WHO as well as traffic to malicious websites that are masquerading as legitimate sources of information.


Role of SOAR for Managed Service Security Provider (MSSP)

In the world of digital warfare, internet security has become a daunting task. Cybersecurity threats and attacks, even state-sponsored ones, are to the fore. Therefore, achieving effective cybersecurity without a few knowledgeable security practitioners and a sophisticated toolset is out of the question. We should not depend so much on many security analysts in the age of automation and orchestration.


Teleport 4.3 Product Release Notes: A New UI & Approval Workflow Plugins

This is a major Teleport release with a focus on new features, functionality, and bug fixes. It’s a substantial release and users can review 4.3 closed issues on Github for details of all items. We would love your feedback - please pick a time slot for a remote UX feedback session if you’re interested. Teleport 4.3 includes a completely redesigned Web UI.


Card Not Present Fraud - Protecting your rails to avoid the payment fraud train wreck

When it comes to card-not-present transactions, security is constantly a moving target. Between February and April, the peak period when COVID-19 was spreading across much of the US, cyber-attacks against the financial sector were reported to have risen by 238%. The exponential growth of digital payment transactions, combined with the increasing variety of customer-facing devices and payment applications, has many financial institutions re-evaluating their approaches to cybersecurity.


Building security culture: How organizations can improve cybersecurity

As our personal and business lives move into the digital sphere, implementing robust cybersecurity practices has quickly become a necessity. Much like brushing your teeth twice a day or making sure you get eight hours of sleep each night, it’s important to regularly protect and clean our data. Indeed, with 70% of Americans conducting their banking primarily online, it’s easy to see that a lapse in judgment or ignorance of how to stay safe could have serious consequences for many.


Ransomware Characteristics and Attack Chains - What you Need to Know about Recent Campaigns

Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a “ransom payment” in order to regain access.


Top Things that SysAdmins Really Hate

Being a sysadmin basically means being a superhero. Fighting bad guys (aka hackers), helping ordinary people (aka users), saving your home (aka IT environment) from various disasters — it all sounds very heroic, but it’s just an average day in a sysadmin’s life. But superheroes can feel pain as well. Five years ago, we asked brave sysadmins to blow off some steam and complain about their suffering by letting us know what they really hate about their work.


What's new at Bearer.sh: New Dashboard, Log Collections & Built-in Anomalies Detection

Note: We sent this monthly newsletter on July 7th 2020. Today, we are releasing major updates to Bearer. They include a new dashboard, a rebuilt navigation, and improvements to many of our existing features. Each improvement has been designed based on your feedback and with your developer experience (DX) in mind. Here’s a short overview.


Week Four Featuring Research From Forrester: See Why Secure DevOps is the Future of Speed

In Forrester’s recent “The State Of Application Security, 2020” report, analysts confirm what many security professionals already know from daily experience—the speed of software development is only growing. And as this trend continues, organizations are now recognizing the need to integrate security earlier into their DevOps processes. But there’s a catch.


Enabling a unified security strategy for VMware Workspace ONE customers

With each new technology that’s adopted by the enterprise, the security team needs to figure out how to protect it. Recent waves of digital transformation resulted in even more enterprise assets that needed to be protected and niche security tools that needed to be managed. It is not uncommon for a security operations team to manage a suite of disparate tools that help them to secure different assets within the enterprise.


Improving workflows to speed security implementation

Limited budgets, limited staff, limited time. Any security professional will have dealt with all of these repeatedly while trying to launch new initiatives or when completing day-to-day tasks. They are possibly the most severe and dangerous adversaries that many cybersecurity professionals will face. They affect every organization regardless of industry, size, or location and pose an existential threat to even the most prepared company.


Entry-Level Career Advice for Aspiring Cybersecurity Professionals

If the global cybercrime forecast took the form of a weather report, it might go something like this: The extended outlook calls for continued online lawlessness, scattered malware attacks and an ongoing blizzard of data breaches. After all, with experts predicting that the cybercrime epidemic will cost the world $6 trillion annually by 2021 as the shortage of qualified cybersecurity professionals climbs to 3.5 million unfilled positions, the metaphor of dark skies is hardly an exaggeration.


Using "Update.exe" as a Case Study for Robust OT Cybersecurity

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer-facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS/SCADA environments.


What Is SIEM? What Is SOAR? How Do They Compare? Do You Need Both?

With all the acronyms floating around in cybersecurity, it is easy to get confused by what means what. Security information and event management, or SIEM, is often confused with security orchestration, automation and response, or SOAR, and vice versa. The reason why stretches beyond their similar syntax. Both SIEM and SOAR live in the security operations center and act as the key technologies to helping organizations detect and respond to threats in an organized and timely manner.

Netwrix Auditor for Windows File Servers - Overview

Netwrix Auditor for Windows File Servers maximizes visibility into what's going on across Windows file servers by classifying sensitive data and providing actionable audit data about all changes made to files, folders, shares and permissions; and reporting on both successful and failed access attempts. Today, it’s hard to imagine an enterprise that doesn’t rely on file servers to store its data — including valuable and sensitive data. This makes file servers a key target for all sorts of attackers, including both anonymous hackers and disgruntled employees.

Buffer Overflow Attack Prevention

Buffers are regions of memory that temporarily hold data while it is being transferred from one location to another. A buffer overflow, also known as a buffer overrun, takes place when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program that writes the data to the buffer overwrites the adjacent memory locations. If a user enters 10 bytes, 2 bytes more than the buffer’s capacity, a buffer overflow occurs.

How To Build An Insider Threat Program

A functional insider threat program is a core part of any modern cybersecurity strategy. Having controls in place to prevent, detect, and remediate insider attacks and inadvertent data leaks is a necessity for any organization that strives to protect its sensitive data. A functional insider threat program is required by many regulations worldwide. For example, NISPOM Change 2 makes it obligatory for any subcontractor working with the US Department of Defense to implement an insider threat program. However, designing an insider threat program that is both effective and efficient can be hard.

5 Levels Of User Behavior Monitoring

User behavior monitoring is a new approach to insider threat prevention and detection. Many companies include a user and entity behavior analytics (UEBA) solution in their insider threat program. Implementing such a program is obligatory to comply with many industry standards (e.g. NIST, HIPAA, PCI DSS). However, each company is free to use any insider threat prevention tool that meets its needs.

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose myriad unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days on average.


Data Security in Cloud Computing: Key Components

Businesses of all sizes are moving to the cloud to take advantage of the greater data availability, significant cost savings and data redundancy that cloud computing provides compared to a traditional data center-based physical infrastructure. Moving to the cloud can also reduce shadow IT and get data stores out from storage closets and underneath desks so they can be governed and protected in compliance with regulations and best practices.


How to secure your remote workforce

Since the outbreak of Covid-19, many organisations have had to make a swift transition to remote working to ensure business continuity. What would typically take months of planning and preparation was implemented in a matter of days. The chaos that this created, combined with the already uncertain nature of life during a pandemic, has created the ideal environment for cybercriminals.


Undetected e.04: TomNomNom - Hacking things back together

We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.

Undetected E04, Tom Hudson - Hacking Things Back Together

There are many paths you can take to become a security professional. In this episode, host Laura Kankaala talks with Tom Hudson (aka @TomNomNom) about his learning journey with computers and hacking, which began with him taking it all apart. Tom’s tinkering obsession introduced him to the world of hacking and bug bounty competitions. Besides chasing bugs, Tom is also passionate about passing on knowledge through his particular teaching style, and he discusses some of the common struggles of people who are just getting started with security, as well as which kinds of questions are the good ones to ask along the way.

Role of Identity and Access Management in Cybersecurity

In IT security debates, projects aimed at managing access and identifying users are considered fundamental. However, the processes and technologies for controlling permissions have proved challenging. To solve this dilemma, what is now called Identity and Access Management (IAM) was created, which involves defining and executing the identification processes tied to a company’s most critical business functions.


KYC - Untying the gordian knot of identity verification

There is a common thread between Academy Award winner Leonardo DiCaprio and the indispensability of know-your-customer (KYC). Most DiCaprio fans will have guessed it by now: the connection is the blockbuster ‘Catch Me If You Can’ (2002)[1]. DiCaprio portrays a master con artist, whom some consider the best of all time, Frank Abagnale.


3 Steps to better cybersecurity in touchless business solutions (Part 2 of 3)

This blog was written by an independent guest blogger. In Part 1 of this series, we covered the first step to better cybersecurity in touchless business solutions, which is to practice extra caution in cashless payment solutions. We continue by discussing the second step to improve cybersecurity for touchless systems, which is to increase protocols for cybersecurity and data privacy.


Vulnerability management explained

Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network environment. To proactively address vulnerabilities before they are exploited in a cyberattack, organizations serious about the security of their environment perform vulnerability management to achieve the strongest security posture possible.


22,900 MongoDB Databases Held to Ransom by Hacker Threatening to Report Firms for GDPR Violations

Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data’s safe return. As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were left unprotected on the public internet without a password. Unsecured MongoDB databases being attacked by hackers is nothing new, of course.

outpost 24

Fix now: High risk vulnerabilities at large, July 2020

In the world of vulnerabilities, we have seen a few interesting ones released in the last couple of weeks since our last Farsight risk-based vulnerability management blog in June, including some recently discovered by Palo Alto affecting D-Link Routers. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.


When's the Right Time for an Open Source Audit?

How much do you really know about your open source usage? Can you identify what open source components you’re using? How about which licenses are in play and whether you’re compliant? Do you have a good sense of how many open source security vulnerabilities are in your code base and how to remediate them? Chances are, if you’re like most organizations, you can’t answer all of these questions.


Protecting Against Kubernetes Threats: Chapter 2 - Execution

We recently published the first part of our nine-part blog series where we take a deep dive into each of the nine Kubernetes threat vectors across 40 attack techniques and provide actionable advice to mitigate these threats. This post is the second in the series and covers tactic #2: Execution.


Understanding the Purpose of Security Controls and the Need for Compliance

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?”


A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re prepared for when auditors come knocking on their door.


Veteran CISO Tammy Moskites on Budgets, Incident Spikes and the "Best BC/DR Experience of Our Lives" (Video)

Before COVID-19 arrived, Tammy Moskites was a road warrior, hand-shaker and self-professed big hugger. So while she misses how life was before a worldwide pandemic exploded on the scene, the former corporate CISO for Home Depot, Time Warner Cable and Venafi (and now founder of strategic advisory firm CyAlliance) views this period as an opportunity for cybersecurity professionals, albeit one rife with new risks and challenges.


ISO 27001 Requirements Checklist: Steps and Tips for Implementation

ISO 27001 enables organizations of any size to manage the security of assets such as employee information, financial information, intellectual property, employee details, and third-party information. ISO 27001 is primarily known for providing requirements for an information security management system (ISMS) and is part of a much larger set of information security standards. An ISMS is a standards-based approach to managing sensitive information to make sure it stays secure.


Uncovering Bots in eCommerce Part 4: The Impact of Credential Stuffing

Credential stuffing, one of the most common forms of online crime, is the act of testing stolen usernames and passwords against website login forms to validate the credentials for malicious reuse. Once a match is found, the attacker can easily commit various types of fraud. When credentials are stolen through a database breach, malware, or other means, they are kept for use in future attacks against many different targets.


Why is Cybersecurity Important?

Cybersecurity is important because cybersecurity risk is increasing, driven by global connectivity and the use of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers a successful cyber attack or data breach is on the rise.

10 Questions for Assessing Data Security in the Enterprise

It's hard to imagine an organization today that does not rely on file servers, SharePoint or Office 365 for storing data, including valuable and sensitive information such as intellectual property and personal data. This makes these systems particularly attractive targets for all sorts of attackers, from external hackers to disgruntled employees. To protect data from both external and internal threats, businesses must regularly conduct thorough data security assessments as part of their broader cyber security assessments.

Compliance Demystified

Compliance regulations are designed to provide a unified set of rules or guidelines to help IT organizations implement policies and measures that deliver the required levels of integrity, security, availability and accountability of data and operations. This white paper provides an overview of various types of IT compliance, explores their basic concepts and commonalities, and offers guidelines for implementation.

How To Protect An Enterprise Database From An Admin

A system administrator is essential for almost any organization. Whether they're an in-house employee or a subcontractor, a system administrator plays a huge role in keeping your business operating continuously and smoothly and keeping it compliant with enterprise data protection requirements. System administrators have full control over the ins and outs of your database and, in many cases, over its underlying physical infrastructure. That's why you need to pay close attention to an admin's actions in order to protect a database. In this article, we discuss best practices and tools to do that.

How Financial Services Security Leaders Can Confidently Face Their Next Audit

Creating an effective in-house security program for mid-market financial services is getting harder every day. Security leaders should evaluate a new, auditable approach by third-party service providers to create and strengthen a modern security capability. Download this whitepaper on how financial services security leaders can confidently face their next audit.

As the Security Talent Shortage Intensifies, How Do You Upskill Your Development Team?

Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But there is a severe cybersecurity talent shortage. As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.

What Are The Most Secure Programming Languages

Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another. We decided to address this debate and put it to the test by researching WhiteSource's comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why.