February 2021

tripwire

Fixing the "Human Error" Problem

Last year, Verizon’s data breaches report showed that “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million, according to IBM’s Cost of a Data Breach Report 2020. Even big companies and government entities have fallen victim to data breaches caused by human error.

nightfall

What is Social Engineering?

The phrase “social engineering” sounds innocuous — but, this approach to hacking threatens organizations of all sizes. Social engineering may be an unfamiliar term, but the attacks that fall under this category are well-known. For instance, phishing attacks and ransomware attacks have seen massive increases in the last year. By some estimates, ransomware is up 700% and phishing campaigns are up over 200%.

upguard

How to prevent supply chain attacks by securing PAM

The SolarWinds supply chain attack against the US Government was the largest and most sophisticated breach in history. A post mortem operation is still underway and with every stage of its progression, cybersecurity experts become increasingly flabbergasted at the INNOVATIVE complexity of the techniques used. But despite nation-state's efforts to conceal their tactics, they left some highly-valuable clues about their methods that could be leveraged to sharpen supply chain attack defenses.

upguard

How to prevent supply chain attacks with an Assume Breach mentality

Supply chain attacks are on the rise, yet few businesses are equipped to face this threat. This could be due to a growing despondency towards cybersecurity in light of the SolarWinds attack. If the nation-state hackers were sophisticated enough to bypass highly-secure Government agency critical infrastructures, how could any organization prevent a supply chain attack? The answer is a change of mindset - don't assume a supply chain attack might occur, assume it will occur.

logsentinel

The SolarWinds Hack: What Went Wrong With Missing Alarms and How To Fix It

A few days ago, on February 23, the US Senate Intelligence Committee held a hearing with executives from SolarWinds, FireEye, CrowdStrike and Microsoft about the SolarWinds hack. It’s worth listening in full, but we want to focus on one particular aspect described by the participants – the malware shutting down endpoint monitoring agents.

Snyk

Java configuration: how to prevent security misconfigurations

Java configuration is everywhere. With all the application frameworks that the Java ecosystem has, proper configuration is something that is overlooked easily. However, thinking about Java configuration can also end up in a security issue if it is done in the wrong way. We call this misconfiguration. Security misconfiguration is part of the infamous OWASP top 10 vulnerability list and has a prominent spot on place 6.

How Shutterstock Implemented DevSecOps from the Ground Up

Learn how Shutterstock’s Director of Product and Application Security, Christian Bobadilla, built security into the development culture of Shutterstock from the ground up. Christian will share his experience working with developers on embedding security throughout the SDLC, reducing vulnerabilities in their cloud native applications, and ultimately embracing a new security culture. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
tripwire

ENISA Releases Guidelines for Cloud Security for Healthcare Services

The healthcare sector is undergoing digitalization and adopts new technologies to improve patient care, offer new services for remote patients and reach operational excellence. The integration of new technologies in the complex healthcare IT infrastructure creates new challenges regarding data protection and cybersecurity.

siemplify

Selecting the Best SOAR Solution Series: Throw the (Play)book at 'Em! (Part 4)

Welcome to Part 4 of our series examining how to select the best security, orchestration, automation and response (SOAR) solution for your business. In Part 1, we defined what SOAR platforms set out to do at their core. In Part 2, we listed the key core competencies that you can expect to find in a SOAR solution. In Part 3, we dove into one of those core competencies: case management. Part 4 will focus on the bread and butter of the SOAR category: playbooks.

netwrix

Information Security Policy: Must-Have Elements and Tips

Organizations often create multiple IT policies for a variety of needs: disaster recovery, data classification, data privacy, risk assessment, risk management and so on. These documents are often interconnected and provide a framework for the company to set values to guide decision-making and responses. Organizations also need an information security policy. This type of policy provides controls and procedures that help ensure that employees will work with IT assets appropriately.

netskope

How to Securely Manage Your Shift to the Cloud

All organizations want to take advantage of the cost savings, operational efficiency, and improved capabilities that a shift to the cloud provides. But having the right protections in place is key to make sure not only your users are protected, but that your sensitive data is also protected. Especially as workforces become increasingly remote, improved functionality and cloud security are both must-haves for any organization.

bulletproof

What matters most: VA scans or pen tests

All sources agree that cyber crime is increasing year on year, putting businesses small and large at increasing risk. Attacks jumped by 31% during the height of the 2020 pandemic alone, and is predicted to cost the global economy over $10 trillion by 2025. In order to stay ahead of the hackers, savvy enterprises are stepping up their security scanning regimes by using vulnerability scanning and penetration tests to uncover security flaws.

cyphere

Penetration testing methodologies, frameworks & tools

There is no doubt how regular penetration tests are an essential part of the vulnerability management process to reduce risks. It is important to ensure penetration tests are efficient and to do so, the use of correct penetration testing methodologies is an essential component. A methodology in this context defines the logic using which various test cases are carried out to assess an asset’s security. Let’s start with the basics first and then move on to the topic.

veracode

Announcing the First-Ever Veracode Hacker Games

“Destroying things is much easier than making them.” This quote from The Hunger Games rings true in software; developers spend months perfecting their innovative applications only to see it all crumble at the nimble fingers of a speedy cyberattacker. So how do you beat them? Improve your secure coding know-how early on and keep it sharp. More than half of organizations in North America provide developers with some level of security training annually, or less often.

WhiteSource

Setting Up an Effective Vulnerability Management Policy

Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

sqreen

Preventing SQL injections in PHP (and other vulnerabilities)

If you’ve been around web development for a while, you’ve almost certainly heard the term “SQL injection” and some terrifying stories about it. PHP, like many other languages, is not immune to this type of threat, which can be very dangerous indeed. But, luckily, protecting your websites from SQL injection and other similar threats is something you can take tangible steps towards.

devo

When Your Organization Should Adopt Centralized Logging

Most security pros know the value of log data. Organizations collect metrics, logs, and events from some parts of the environment. But there is a big difference between monitoring and a true centralized log management. How can you measure the effectiveness of your current logging solution? Here are four signs that it’s time to centralize log management in your organization: This post is based on content from the new Devo eBook The Shift Is On.

styra

Using OPA with GitOps to speed cloud-native development

Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy. One risk in deploying fleets of powerful and flexible clusters on constantly changing infrastructure like Kubernetes is that mistakes happen. Even minute manual errors that slip past review can have substantial impacts on the health and security of your clusters.

SIEM for SMEs: Five Myths Debunked

Many people, when reviewing their security strategy, ask the question "is SIEM suitable for my organization?" And for a long time, the answer was "no unless you are a large multinational". The price, the complexity and the hard-to-get value made SIEM a category suitable only for the big corporations with large security teams and budgets. While these used to be correct, that's no longer the case. And the problems that SIEM solves, related to reducing cyber risk, preventing insider threats, covering compliance requirements- are all problems that SME/mid-market organizations have as well.
alienvault

Quantifying CyberRisk- Solving the riddle

In the late 1990’s and early 2000’s there was a concept that was bandied about that was coined “Return on Security Investment” or ROSI. Borrowing from the common business term Return on Investment (ROI) where a return on a particular investment (capital investment, personnel, training etc.) could be quantified, the cybersecurity industry attempted to quantify a return on security investment.

tripwire

10 Database Security Best Practices You Should Know

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from website security practices. The former involve physical steps, software solutions and even educating your employees.

siemplify

How SOAR Helps Service Providers Meet MSSP Challenges, Featuring Forrester Research [Video]

The modern SOC is a hybrid SOC, featuring a blend of in-house and outsourced professionals. For the latter group, security operations is their business, and MSSPs have discovered that SOAR technology provides a slew of benefits, including process consistency, speed and efficiency for analysts, and client collaboration and transparency.

nightfall

A Guide to VPN Security

Many people are familiar with VPNs in the context of trying to stream TV shows for free. A VPN can make it seem like you’re in a different country by displaying an IP address in Europe or the US, for instance. Appearing to be in New York while traveling in the Netherlands gives you access to sites like Netflix, Hulu, and HBO Max — but the advantages of VPN security go beyond streaming the latest TV shows.

netskope

Cloud and Threat Report: Shadow IT in the Cloud

The number of cloud apps being used in the enterprise increased by 20% in 2020, when the COVID-19 pandemic caused a sudden and dramatic shift to remote work for knowledge workers worldwide. Individuals, teams, and organizations all turned to cloud apps to help address some of the new challenges of remote work. The increase in the number of cloud apps was led by an increase in consumer and collaboration apps, the fasting spreading of which included Discord, Zoom, Lumin PDF, and…Xbox LIVE?

synopsys

Analysis of an attack on automotive keyless entry systems

The convenience of keyless entry systems can come at a price: your security. Learn how key fob hacks happen and why proactive security measures are a vital part of stopping them. With increased connectivity capabilities and larger and more complex software in automotive systems, modern vehicles are becoming more susceptible to cyber security attacks.

zeronorth

Meet Your New CPSO: The Next Generation of Product Security

Over the past ten years, rising security breaches within leading companies have continually reinforced the need for a chief information security officer, or CISO, to protect critical things like IT systems, brand reputation, revenue and even stock prices. As a result, many boards and other invested figures currently demand a higher level of accountability and focus for managing cyber-preparedness, threat prevention and executive reporting, all of which the CISO must provide.

veracode

Dangers of Only Scanning First-Party Code

When it comes to securing your applications, it’s not unusual to only consider the risks from your first-party code. But if you’re solely considering your own code, then your attack surface is likely bigger than you think. Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house.

wandera

Develop your SASE strategy now, and get ahead of the curve

There are more devices, more networks, and more apps, in more places than ever before and many companies have changed their business practices to move outside of the corporate perimeter. This means revising IT policy to accommodate the new dispersed workforce. The most successful IT operations focus on enabling users while they are working remotely. A cloud-first model is needed to support more agile and flexible security strategies.

lookout

Top Three Threats Facing US Government Employees Amid Telework

We’re all familiar with what happened in 2020. Amid the coronavirus pandemic, organizations worldwide were forced to send their workforces home. Along with the private sector, federal, state and local government agencies and departments across the United States implemented telework programs. Now that we’ve been living with telework for a year now, I wanted to understand how it has affected the government sector.

Octiga

Public vs Private Cloud Security: A Simple Explanation

(Guest Post) There is no worse feeling than the heartache you get after recording your child’s milestones, only for the mobile phone to start warning that the internal storage is running low. Or maybe you cannot function without music, and you have been downloading so many songs that both your internal storage and memory card are full. Most people would rush to delete some of the songs, but you should not have to decide between two of your favourite artists because you are not one of them.

Featured Post

Using Technology to Keep Compliance Costs Down

Regulatory compliance is overwhelming for any company without the right tools. Think of multinational financial firms that have to comply with laws in multiple jurisdictions where they operate. Thus, as various governments continue to implement programs to lower regulatory burdens on businesses, company leaders know there's a need to cut down on regulatory compliance costs. Luckily, technology can help cut compliance expenses without cutting regulations-related oversights and protection.
alienvault

Cybersecurity and online gaming: Don't be a victim

Theresa Lanowitz collaborated on this blog. The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are not exceptions. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. Well, for gambling in the USA there are state laws to mind, but in some states online gambling is permitted.

SOCstock 2020 | The Grooviest Event for Security Operations Professionals

Enjoy this sizzle reel recapping the inaugural SOCstock. Dubbed “the grooviest event for security operations,” SOCstock is a world-class virtual event featuring renowned and respected infosec speakers providing attendees with the very latest security operations trends, research and best practices. But it isn't just about what was happening on stage. SOCstock also features funky swag, far-out contests, talented entertainers and more (no mud involved).

Incorporating SOAR into Zero Trust and MITRE ATT&CK: A Conversation With Forrester Research

What happens when two revered security frameworks get a dose of SOAR? Forrester's Joseph Blankenship and Dr. Chase Cunningham join Siemplify CMO Nimmy Reichenberg to assess the role that automation & orchestration play in the Zero Trust and MITRE ATT&CK models.
netacea

Bot Protection Beyond CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to prevent bots or spam attacks from accessing a webpage. Traditionally users were tasked with typing text from a simple image, but over time CAPTCHA has evolved into more complex images and voice recognition in response to the increasing sophistication of attacks.

nightfall

5 Identity and Access Management Best Practices

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity access management tools, and software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

nightfall

Nightfall simplifies data security & HIPAA compliance for SimpleHealth

SimpleHealth takes their company name to heart. They are a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.

netskope

Cloud Threats Memo: Hard Times for ARM-based Mac M1 Processors

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. Just a few months after their debut in November 2020, the new ARM-based Mac M1 Processors have already attracted the unwanted attention of cybercriminals with two adware samples, the details of which have been revealed over the past few days.

upguard

How to prevent supply chain attacks with the Zero Trust Architecture

The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which is likely to take months to fully comprehend) reveals an uncomfortable truth causing stakeholders globally to reconsider their business model - vendors introduce a significant security risk to an organization.

Public Documents and Attack Reconnaissance | UpGuard Summit February 2021

The most frequently used types of documents are often the least monitored, and most vulnerable to opening the door to a cyber attack. Join UpGuard's VP of CyberResearch, Greg Pollock, as he discusses these problems and more. Greg gives us insights into UpGuard's recent into public document vulnerabilities.

Panel Discussion on Third Party Risk Management | UpGuard Summit February 2021

Third Party Risk Management (TPRM) is a relatively new area of focus for a lot of companies. As the world becomes more and more connected, all companies, no matter their size or location, have a responsibility to be aware of any risks to their business , including any risks that vendors might bring across as part of that working relationship. Join world leaders in cybersecurity as they discuss the need for implementing strong Third Party Risk Management programs to maintain good security posture.
synopsys

How to cyber security: Containerizing fuzzing targets

Fuzzing can be dangerous. After all, you’re trying to break things. In fuzzing, you deliver deliberately malformed inputs to software to see if the software fails. If it does, you’ve located a vulnerability and can go back to the code and fix it. It’s an excellent, proactive method for software development organizations to fix security weaknesses. And it should be no surprise that fuzzing is also the preferred method for attackers who want to locate zero-day vulnerabilities.

cyphere

How to perform a cyber security risk assessment? Step by step guide.

Taking cyber security risk assessment out of the equation, risk assessments are nothing new to the world. Industries such as nuclear, aerospace, oil, agriculture, military and railroad have long-established processes to deal with risk. Continuous risk assessments are performed by food, medical, hospital sectors to control risks affecting their environments.

cyphere

What is symmetric and asymmetric encryption? Examples & Use cases (including top mistakes)

Encryption is the process of converting plaintext data into an alternative form known as ciphertext. However, only authorised users can decipher the ciphertext back into clear-text to access the information. There are two types of encryption in widespread use, i.e. symmetric and asymmetric encryption. These names symbolise whether the same key can be used for encryption and decryption processes. These two terms: Encryption and cryptography, are often used interchangeably.

veracode

Message Authentication Code (MAC) Using Java

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. After taking a brief interval, we caught-up with cryptographic updates in the latest Java version. Skip to the TL; DR

teleport

XSS Attack Examples and Mitigations

Cross-site scripting (XSS) is an attack that allows JavaScript from one site to run on another. XSS is interesting not due to the technical difficulty of the attack but rather because it exploits some of the core security mechanisms of web browsers and because of its sheer pervasiveness. Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.

Snyk

Snyk IaC scanning enhancements include Azure and AWS infrastructure as code

Recently I wrote about Infrastructure as Code (IaC) and how Snyk’s IaC scanning can help catch issues in your templates before they make it to provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and issues.

ThreatQuotient

How Effective is Threat Hunting for Organizations?

In recent years, threat hunting has become much more widely adopted, but today the definition of threat hunting is still quite a controversial topic. Threat hunting is the art of finding the unknown in your environment, going beyond traditional detection technologies, with active cyber defence activity, proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

tripwire

4 Key Cybersecurity Trends Confronting Canada's Electric Sector

Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year increase.

upguard

10 step guide: How to be GDPR compliant

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.

cyberint

3rd Party Security an Achilles Heel

It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk is gaining speed, executives are exposed to threats from unexpected directions and involving new weak points.

detectify

Detectify security updates for February 22

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

logz.io

Case Study - Electronic Gift Card Fraud Investigation Uncovers Contractual Risks

Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

Snyk

How to choose a Software Composition Analysis (SCA) tool

Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.

egnyte

Review and Approve Part 11-Compliant Regulated Documents with Egnyte for Life Sciences

Life sciences teams are more decentralized than ever, yet the need for speed persists. Even before the pandemic, the ability to bring together quality, clinical, and regulatory personnel to hit project timelines is what separated successful projects from those that languished. The pandemic added another barrier to an already complex venture.

tripwire

Are Your IT Infrastructures Up to Date with the Cybersecurity Compliance Laws in 2021?

It’s an unfortunate fact that cybersecurity is rarely the foremost of concerns among small- to medium-sized businesses. However, investing in cybersecurity is becoming even more important as these organizations undergo digital transformation. It may seem like there are more important priorities on which a small business could focus, but putting your company and your customers at risk of a cyberattack can have huge consequences.

siemplify

5 Ways a SOAR Solution Improves SOC Analyst Onboarding

The depressingly depleted talent pool in the information security profession is what typically draws most of the attention when personnel and skills challenges are raised, but less talked about is the length of time it takes to backfill a position. Industry group ISACA has found that the average cybersecurity position lies vacant for up to six months, with positions like security analyst one of the most difficult to find suitable candidates for (partially because of issues like burnout).

nightfall

The 2021 Security Playbook for Remote-first Organizations

The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges. Start off 2021 right by reviewing the seven most crucial areas of security for emerging remote-first organizations. Continue reading below or feel free to download a copy of this playbook. We’ll also include our free Post-COVID Security Checklist as a reference you can keep in your back pocket.

netskope

Understanding Cloud as an Attack Vector

In December, Netskope Threat Labs presented our work, “Cloud as an Attack Vector,” at the 23rd International AVAR Cybersecurity Conference. The Association of Antivirus Asia Researchers (AVAR) is a non-profit organization with members from 17 countries and facilitates knowledge sharing, professional development, networking, and partnering for cybersecurity experts and organizations. Ours was one of 27 presentations from 14 different countries featured at the conference.

Extending CyberSecurity Beyond The Office Perimeter

The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce. This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread. Join Dr. How corporate office perimeters continue to evolve in real-time as the world changes Latest threats to organizations in and out of the office in the new year
bulletproof

Brexit Update: What The Trade Deal Means for UK Businesses

As you may be aware, prior to the end of 2020 there was a lot of debate about what would happen to GDPR on 1st January. Given that the trade negotiations went down to the wire, we were all left in the dark until the deal was done on Christmas Eve. But what are the main headlines from this deal and, more importantly, what do they mean for UK businesses?

veracode

AppSec Bites Part 3: Has the New Virtual Reality Created Opportunities for AppSec?

Over the past several months, many organizations have had to shift their operations to a fully digital platform. This sudden shift was more challenging for some industries, like government, than other industries, like technology. And aside from having to adapt to fully remote operations, many organizations were also subject to tighter budgets, forcing them to become more efficient.

Working with Scan Results Using the Veracode Visual Studio Extension

In this video, you will learn how to download, import, and view Veracode scan results using the Veracode Visual Studio Extension. You will also learn how to mitigate findings discovered during the scan in Visual Studio. When the Veracode scan of your application scan has completed successfully, you can download the scan results to your local machine using the Veracode Visual Studio extension or directly from the Veracode Platform. You can also use the Veracode Visual Studio Extension to propose mitigations for flaws discovered in your application during scanning.
wandera

How to secure SaaS applications when everyone is working remotely

By 2021, 73% of organizations will be using all or mostly SaaS solutions. Companies aren’t struggling to adopt SaaS applications, but they are struggling to secure them. In our webinar on ‘How to secure SaaS applications when everyone is working remotely’, VP of Product Strategy at Wandera, Michael Covington, discusses why existing security technologies are not effective in protecting SaaS applications and what companies can do to mitigate risk.

Trade-based Money Laundering and Assets Tracing: Increased Risks and Hurdles Faced by Corporations

Stefano Demichelis, Managing Director in the Business Intelligence and Investigations team at Kroll, a division of Duff & Phelps, recently spoke at a webinar organized by LegalPlus Asia. In this webinar, he shared his views on trade-based money laundering (TBML) and the implications for corporations.

What is Active Directory

The simplest definition of Active Directory is that it is a directory service for Windows operating systems. But what does this actually mean? What is Active Directory used for? How can you manage it? Whether you are a new system administrator who wants to learn Active Directory basics, such as its structure, services, components and essential terminology, or a seasoned administrator looking to find new best practices and improve your skills even further, this eBook has something for you.
tripwire

Industrial Remote Access: Why It's Not Something to Fear

Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access.

nightfall

ICYM: 4 SaaS Security Lessons to Keep Top of Mind in 2021

At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano titled Securing Best of Breed SaaS applications in 2021. The discussion focused on reviewing the most important security trends of last year and how that should inform security programs this year. As 2021 continues to progress, these are the 4 trends and lessons we think are worth keeping in mind.

nightfall

CISO Insider S1E6 - CISO Insider Season 1 recap

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

forgerock

How Your Organization Can Eliminate Entitlement Creep

Organizations are facing increasing pressure to provide employees and contractors with the right access to the right applications and systems at the right time. But how can they do this with their existing, manually-driven Identity Governance and Administration (IGA) solutions and processes? How can security and IT professionals address the needs of the new remote workforce and its demands for access to new cloud applications and services?

cyphere

Host-based Intrusion Detection System - Overview and HIDS vs NIDS

Although a business appears to make every effort to protect its assets, there is still no security guarantee. Hackers being fully aware of this uncertainty, tend to take complete advantage by tricking users or bypassing restrictions of the technology products in use, allowing them to acquire complete access. Such perils have given rise to the necessity of having a proactive approach towards cyber security to identify, prepare and respond to events.

zeronorth

For DevSecOps to Happen, Everyone Must Be Looking at the Same Data

To achieve DevSecOps, as the term implies, the Development, Security and Operations teams must work together to address the needs of the modern enterprise—secure applications, constantly evolving, delivered at speed. For this to happen, all these teams must be working from the same data set—a single source of truth for all the metrics that relate to application security risk—in order to make informed strategic business and operational decisions.

WhiteSource

The Rise of Software Supply Chain Attacks

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.

wandera

Is Multi-Factor Authentication (MFA) enough?

For a long time, we’ve known that single-factor authentication fails to adequately protect applications. The most common way user accounts get compromised is from weak, reused or stolen login credentials, and despite pretty much every security awareness course clearly stating the deficiencies of password reuse, people still do it because it’s the easiest option.

sqreen

Running a coding dojo at Sqreen

At Sqreen, we take training seriously. We’ve always given Sqreeners access to conferences and run community learning events in our Paris office, but, of course, the current health crisis has meant in-person events are no longer possible. To keep up our training standards during these times, and because our ProdEng team is now located in more places, we decided to run our first virtual coding dojo.

idcentral

Digital Identity Verification: Paving the Way to a Secure System

As we look forward to restarting our normal lives in the ‘new-normal’ post the pandemic, we are looking to digital channels and devices to bridge the gap between what was done ‘in-person’ and what we can do safely from home. This is necessary for the financial services industry where consumers and businesses alike must move most of their operations online.

Snyk

10 best practices to build a Java container with Docker

So, you want to build a Java application and run it inside a Docker image? Wouldn’t it be awesome if you knew what best practices to follow when building a Java container with Docker? Let me help you out with this one! In the following cheatsheet, I will provide you with best practices to build a production-grade Java container. In the Java container example, I build using these guidelines, I will focus on creating an optimized secure Java container for your application.

Featured Post

5 Tips for Building a Culture of Security Among Remote Employees

In one of our previous posts, we highlighted the importance that making security a part of your organizational culture played in keeping your remote workforce secure during the COVID-19 pandemic. But what does that entail? In this post, we're going to flesh out key steps that security teams and their leadership should take in order to make a strong culture of security a reality within their organizations.
alienvault

What is an incident response plan? Reviewing common IR templates, methodologies

In today’s threat landscape, it’s no longer if an incident will happen, it’s when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not.

tripwire

Coming to Life: A Detailed Tutorial on Building Your First ATT&CK Procedure

The MITRE ATT&CK framework is a universally accepted knowledge-base of tactics, techniques and procedures designed to organize and display how adversaries attack real-world assets. Blue teams use ATT&CK to better understand the multitude of new (and old) attacks and map those to their internal tools and systems.

netwrix

How to Perform a Data Protection Impact Assessment (DPIA)

Conducting a data protection impact assessment (DPIA) or privacy impact assessment (PIA) is a complex and challenging task. Nevertheless, it’s critical to do. Data privacy concerns have become a significant focus across all industries, and for good reason: data is at higher risk than ever before. In its 2020 Q3 Data Breach QuickView Report, Risk Based Security revealed that 36 billion records were exposed during the first three quarters of 2020.

redscan

Emotet is down but its legacy remains: lessons learned

First identified in 2014, Emotet evolved from a niche banking Trojan into what was classified this year by Europol as one of the most prevalent strains of malware in the world. The sheer scale of Emotet’s impact on organisations means that its disruption by authorities in early 2021 ranks as one of the most significant takedowns in cyber security history.

netskope

Modernizing Your Data Protection Strategy

Sharing data is the basis for all business processes and what drives operations and productivity. Today, more than 50% of organizations’ data is in the cloud and the typical enterprise now deploys more than 2,400 cloud applications. Concurrently, data protection remains the nexus between cloud apps, web services, and an increasingly larger number of remote users in support of modern business initiatives.

netskope

Cloud Threats Memo: Surprising Findings from Q4 2020 Phishing Trends Report

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. The Anti-Phishing Working Group has recently released its Q4 Phishing Trends Report 2020, which analyzes the top phishing attacks and other identity theft techniques, as reported by the members of the group.

ekran

People-centric Security for Remote Workers

In striving to make sure in-office and remote employees’ work is secure, organizations often rely on technology-centric approaches. Although user monitoring tools and other cybersecurity solutions do their jobs, they still can’t affect employee behavior and fully secure remote work. To engage remote employees into cybersecurity, organizations are now shifting to a human-centric approach.

bearer

You Should Be Automating Your Data Flow Map

Mapping and cataloging personal information collected from users is time-consuming. It is error-prone, and relies on hunting down information from multiple departments. For many teams, creating an accurate data flow map will be the hardest part of completing GDPR Article 35's data privacy impact assessment (DPIA) or any privacy impact assessment (PIA). Even for smaller businesses with limited departments and fewer software offerings, determining how data exists and how it moves can be a challenge.

calligo

Calligo acquires US-based Decisive Data to accelerate Data Insights Services

Today, Calligo announces the acquisition of Decisive Data, a pioneer in data analytics, data science and visualization. This is a significant acquisition for Calligo as it not only increases the resources and capabilities of our Data Insights team, but it also creates the most capable, accessible and compliant data insights service for modern businesses.

zeronorth

Why A DevOps Champion Might Look Like a Security Hero

In general, people value results. They value things they can see and use. And they especially value things that make their daily work easier. This is why the DevOps process was created in the first place. DevOps is all about collaboration and getting quality applications out the door quickly; it’s about doing things precisely because they produce certain positive results.

Snyk

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.

How The Dark Web Continues to Threaten Businesses

The Internet is a massive space. Seven days a week, millions of web sites, files, and servers run 24 hours a day. Even so, it is just the tip of the iceberg that we surf and the visible websites that can be accessed using search engines such as Google and Yahoo. The Deep Web, which makes up approximately 90 percent of all websites, is underneath the ground. This hidden network is so massive that it is difficult to figure out at any given time how many pages or sites are currently involved.
netskope

The Root of Your AWS Insecurities

The AWS root account can do anything in your account, and it follows that it should be protected with tight security controls: However, while analyzing root account configuration and use in 915 accounts from 153 production environments over four months, we found that: We will now look at the data in more detail to understand more of the nuances and learnings, including the tradeoffs and the presumed “why’s” behind the problems.

synopsys

Don't let AppSec tool overload slow down your development

Application security testing tools help developers understand security concerns, but having too many tools can do more harm than good. Good tools are essential for building just about anything. But maybe that needs a bit more clarification: Not just good tools. They also have to be the right tools. Because the old cliché, “if all you have is a hammer, everything looks like a nail,” is a warning that using the wrong tool can mess everything up.

calligo

CRN names Calligo in its 2021 'Elite 150' MSPs

Today, CRN published its annual MSP 500 – a ranking of the leading North American IT managed services providers. Calligo was named as one of the Elite 150 – the top subcategory reserved for the largest service providers and those with their own managed cloud services capabilities and services. The MSP 500 aims to recognise innovative and forward-thinking approaches to managed IT services and those MSPs with a focus on delivering powerful business outcomes with their services.

detectify

Vuln of the Month: CVE-2020-10148 SolarWinds Orion Authentication Bypass

Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass. In January, Detectify added a security test for CVE-2020-10148, SolarWinds Orion Authentication Bypass.

egnyte

Evaluating MySQL Recursive CTE at Scale

Egnyte is a unified platform to securely govern content everywhere. We manage billions of files and petabytes of content. One of the core infrastructure components powering such a scale is called MDB or metadata database. It is a cluster of hundreds of MySQL instances storing billions of metadata records. It stores information about files, versions, folders, custom metadata, and their relationships.

alienvault

CISOs report that ransomware is now the biggest cybersecurity concern in 2021

As the number of remote working arrangements rose substantially in the last year, cybercriminals were quick to take advantage of these new opportunities. Spam and phishing emails increased in number even more rapidly than telecommuting, and company cybersecurity officers found themselves struggling to keep up. Phishing emails often came with a sinister sidekick - a ransomware attack.

tripwire

Cybersecurity Challenges for the European Railways

The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance the sector’s security posture.

tripwire

How Joining a Professional Community Can Supercharge Your Career and More

When I was a software developer, I never joined any dev communities. I didn’t see the point. I also worked evenings as a professional musician and mostly spent time within the music community and sports groups I was a part of. I spent time with my dev friends at work; I didn’t understand why I would want to know devs with whom I didn’t work. I was a senior dev.

nightfall

Business Continuity: How to Plan for the Worst

If the last year has taught us anything, “hope for the best and plan for the worst” should be the new mantra of business owners and IT professionals. No one could have predicted the global pandemic that wreaked havoc on industries and businesses around the world; yet, those companies with a business continuity plan were far better off than those without one.

upguard

7 data leak prevention tips for 2021

A news feed isn't complete if it isn't peppered with data breach news. Every day prestigious businesses are falling victim to a pernicious threat expected to cost the world $10.5 trillion annually by 2025. The key to overturning the formidable upward data breach trend is to prevent the events that could potentially develop into data breaches. All data leaks need to be identified and remediated before they are discovered by cybercriminals.

upguard

IIS vs Apache: Which is the Best Web Server?

If you host a website, chances are good that you are running either Apache or Internet Information Services (IIS). Depending on the data source, they are two of the most common web server platforms, comprising a virtual triumvirate with Nginx for control of the market. They each also have their passionate supporters and haters. In fact, IIS vs. Apache flame wars are many times really spillover or proxy tirades of ‘Microsoft vs. Linux’.

cyphere

Role of security in SaaS | SaaS Security Checklist

Software as a Service, also known as SaaS, is a cloud-based service model where a subscriber uses the software via an internet browser. This software could be anything from a simple application such as MS Word to complex business applications such as SAP. All the software tech stack or backend components are located on external servers maintained by the SaaS provider. Before diving into security in SaaS applications, let’s go through basics.

logsentinel

LogSentinel partners with DataAssure to expand its presence in Greater China and Taiwan

15th February 2021 Naarden, The Netherlands – LogSentinel, the innovative next-generation SIEM provider, and DataAssure, a successful value-added provider and integrator of data assurance, data protection, cybersecurity solutions, have announced their partnership to help organizations in Greater China and Taiwan to prevent data breaches and achieve the security posture they need to stay protected in the current challenging work-from-home environment.

logz.io

Cyber Risk in the Boardroom - Addressing the 2021 Threat Landscape

A new year typically brings a renewed sense of optimism; however, 2021 brings with it promises of unparalleled challenges for board members as their role in cyber risk oversight and increasing organizational resilience has never been more important. Over the course of 2020, as organizations shifted already overburdened staff to build capacity to support remote working, threat actors aggressively exploited weaknesses exposed in the transition.

tripwire

Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria Certification.” This process allows for organizations to review an evaluation without needing to set up and configure an IT product that they would like to test. Tripwire Enterprise v8.8.2.2 was recently evaluated and passed the certification.

veriato

Employee Productivity Solution For Remote Workers

Remote work gives employees the opportunity to avoid lengthy commutes and work more flexible schedules. It also allows employers to reduce overhead costs and hire from a larger pool of applicants since employees no longer need to live locally to qualify. But of course, there are some downsides to remote work as well. There are far more distractions at home, so many remote workers find it difficult to stay focused during work hours.

ioncube24

Weekly Cyber Security News 12/02/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Three quite interesting articles this week. The first is unsettling, if it wasn’t for someone spotting it in progress and was able to counteract the activity, who knows what might have happened. The question is then, who did it?

sqreen

Preventing SQL injections in Ruby (and other vulnerabilities)

This post’s topic is very straightforward: SQL injection, Ruby flavored. More specifically, how you can protect your Ruby application against SQL injections—and other common security threats. Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community. Also, it strives to keep itself up to date to match the needs of developers.

stackrox

DevOps vs. DevSecOps - Here's How They Fit Together

DevOps, DevSecOps, shift-left, security posture, cloud native, etc. Chances are you’ve heard these terms or similar buzzwords when discussing modern application development life cycles. These new industry words can be beneficial – by providing a framework that explains complex processes – or harmful through misuse or overuse. Whether misuse is intentional or not, a buzzword can convey a context that the user doesn’t truly represent.

alienvault

The Kubernetes API Server: Exploring its security impact and how to lock it down

Organizations are increasingly turning to Kubernetes to manage their containers. As reported by Container Journal, 48% of respondents to a 2020 survey said that their organizations were using the platform. That’s up from 27% two years prior. These organizations could be turning to Kubernetes for the many benefits it affords them.

redscan

Redscan analysis of NIST NVD reveals record number of critical and high severity vulnerabilities in 2020

The report is based on an analysis of more than 18,000 Common Vulnerabilities and Exposures (CVEs) logged to NIST’s National Vulnerability Database in 2020. It reveals that well over half (57%) were rated ‘high’ or ‘critical’ severity – the highest recorded figure for any year to date. Our analysis also looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit.

netskope

Hairpinning: The Dirty Little Secret of Most Cloud Security Vendors

In more than one conversation with large enterprise clients, we’ve heard the networking and infrastructure leaders responsible for managing the organization’s global WAN jokingly refer to themselves as the “Chief Hairpinning Officer” or CHO. At first blush, this provides a laugh.

WhiteSource

Three Open Source Software Security Myths Dispelled

Used by developers around the world, open source components comprise 60%-80% (and likely more) of the codebase in modern applications. Open source components speed the development of proprietary applications, save money, and help organizations stay on the cutting edge of technology development. Despite the widespread adoption of open source components, myths persist about its usage. The following are the top three concerns associated with open source use.

sqreen

Sqreen's architecture through the ages: part three

Welcome to part three of the Sqreen architecture through the ages series. In case you missed it, here is part one, and here is part two. In this third and final entry to the series, I’m going to discuss how we leveled up the Sqreen backend to handle the growing scale of users and of the Sqreen team, and the journey we took moving from a self-contained product to a proper platform. That will catch you up to the present of where Sqreen is today, from an architecture-perspective.

Octiga

Security Trends for Managed IT Service Providers

The global managed security services market was valued at $19.4 billion in 2017 and is forecast to reach $46.1 billion by 2023 at a CAGR of 14.9%. There has been an upward trend seen in the need for threat-intelligence by several sectors today. Due to an increased requirement to fight against the advanced threat landscape, customers today expect managed IT service providers and MSPs to adopt advanced security technologies to detect better and anticipate potential threats well in time.

alienvault

Budgeting in cybersecurity - Can businesses afford it?

Creating an annual budget is challenging because business owners must consider all expenses in the coming year. Apart from ensuring that everyone is paid, and taxes are taken care of, cybersecurity should be one of the most important factors to consider. Even though there are many methods businesses can use to prevent cybercriminals from stealing information, hackers are always inventing new ways of breaching closed systems.

tripwire

Using Strategic Choices to Ensure Continuous and Effective Cyber Security

Organizations are overwhelmed by the choice of cyber security tools in the market. They need to balance prioritizing and remediating vulnerabilities with managing their secure configurations. What’s more, many organizations are using hybrid clouds where they need to protect assets that are hosted both on premises and in the cloud. This complexity requires a thoughtful approach to cyber security.

siemplify

Stopping Ransomware in Its Tracks With SOAR, Featuring Forrester Research [Video]

Ransomware is unlike most threats security teams face because it is virtually impossible to prevent and uses native processes, built into your trusted operating systems, to rapidly spread. So considering the speed and extent by which ransomware can topple an organization, what is the best approach for addressing this seemingly existential threat? We asked Forrester Research’s Joseph Blankenship and Chase Cunningham to share insights as part of a four-part series with Siemplify.

The Case for SOC Automation: A Conversation With Forrester Research

In the first of a four-part video series hosted by Siemplify, two experts from Forrester Research examine the inherent value of automation for security operations teams, collaboration challenges intensified by remote working and why infosec talent shortage may have more to do with an excess of security tools than a dearth of skilled personnel.
ekran

How to Build an Insider Threat Program [10-step Checklist]

An efficient insider threat program is a core part of any modern cybersecurity strategy. Having controls in place to detect, deter, and respond to insider attacks and inadvertent data leaks is a necessity for any organization that strives to protect its sensitive data. It’s also required by many IT regulations, standards, and laws: NISPOM, NIST SP 800-53, HIPAA, PCI DSS, and others. In this article, we’ll share best practices for developing an insider threat program.

synopsys

Eight must-have features in an IAST solution

Selecting the perfect IAST solution for your organization’s needs can be difficult. Learn about the eight must-have features of any good IAST tool. Interactive application security testing (IAST) has quickly gained momentum in the application security (AppSec) space. According to Gartner, there was a 40% increase in inquiry volume around IAST in 2019. Why is IAST one of the fastest-growing AppSec tools?

detectify

Security Defender Insights: Improving security visibility in the remote-work reality

This edition of Detectify Security Defenders Insights focuses on best practices on how not to lose security visibility in 2021: For many small to mid-sized tech organizations, security visibility is an increasing challenge. 2020 was the true catalyst to their tech transformation from all in-house to suddenly working from home. This meant a pressured effort to make sure security was top-of-mind especially now that everyone was literally out-of-sight.

veracode

75% of Apps in the Healthcare Industry Have a Security Vulnerability

In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx of patient data and virtual wellness appointments.

Cyber Security in 2021: Confident Detection and Response

As the volume and sophistication of cyber threats grow, it’s imperative that companies have the ability to rapidly detect and confidently respond to a variety of threats. Devon Ackerman, Head of Incident Response for Kroll’s Cyber Risk practice in North America shares how security leaders feel their organizations are inadequately resourced to run a mature detection and response program.

Cyber Security in 2021: Beware Increased Assault on Endpoints

The COVID-19 pandemic rushed security teams to find ways to support a largely remote workforce, changing the cyber threat landscape with increased opportunities for criminals to exploit vulnerabilities in the work from home environment. Jason Smolanoff, Global Cyber Risk Practice Leader at Kroll, outlines his one big thing for 2021 when it comes to cyber security: the increased assault on endpoints, which will force information security professionals to gain full visibility into a variety of devices and systems now operating outside of the company network.
devo

5 Best Practices for Security Logging in the Cloud

Logs are critical for detecting and investigating security issues. They also provide essential visibility into business operating environments. Many organizations, when they are small and just starting out, can get away with using a local log server and storage to collect data. Almost all security teams start off with this kind of on-premises logging approach. Most teams use an open-source, homegrown solution for this type of short-term, small-scale log analytics.

styra

OPA + Styra DAS free up time and resources for a CRM solution

Let’s say you were going to plan a security project. (Almost any project, really.) The following might be a pretty solid list of goals to aim for: That’s a pretty solid list - and might even read like “too much to ask for.” Yet, it’s exactly what SugarCRM received after deploying Styra DAS to manage Open Policy Agent (OPA) for Kubernetes guardrails.

egnyte

Top 5 Construction Technology Trends to Watch in 2021

The construction industry is not unfamiliar with disruption. In 2008, the Construction Engineering Index plunged 68 percent. Firms that survived the financial crisis that year faced severe margin pressure – dropping from 5 percent in 2007 to 1 percent by 2010. The industry had to act fast and looked for more innovative ways to cut costs and boost profitability. The industry had to act fast and looked for more innovative ways to cut costs and boost profitability.

alienvault

What is cybersecurity testing? Reviewing testing tools, methodologies for proactive cyber readiness

This article was written by an independent guest author. Your organization may boast all the best cybersecurity hardware, software, services, policies, procedures and even culture. If this is the case, you’re way ahead of the curve. But no matter how confident you are about your overall cybersecurity posture, how can you really know? Knowing is where cybersecurity testing comes in.

alienvault

Zero Trust policies - Not just for humans, but for machines and applications too

Hackers are continually finding more and more pathways into an organization’s internal environment. Not only is access widely available, it can also be alarmingly simple. Rather than having to actively hack systems, hackers often just log in using easily-obtained or compromised user identities and credentials.

forgerock

Jeff Bezos Moves On, But Amazon Prevails as a Revolutionary Catalyst for Change in the Online User Experience

Congratulations to Jeff Bezos and the entire Amazon team on their incredible accomplishment of building the most highly valued company on the planet and revolutionizing the face of retail as we once knew it. I am confident that Jeff will successfully tackle even more interesting challenges and projects during the next phase of his career. His announcement last week prompted me to reflect on Amazon’s pioneering work in the areas of ecommerce, cloud computing, supply chain and logistics.

zeronorth

How Emerging AppSec Solutions Can Actually Boost Your ROI

Historically, investments in application security (AppSec) have been seen as financial black holes, with never-ending cost and complexity. And yet, they are a necessity in today’s software-driven world, where getting high-quality products to market quickly is what counts. Companies looking to retain and build a thriving customer base must produce excellent and secure software, no matter what.

sqreen

Preventing SQL injections in Python (and other vulnerabilities)

Python is a wonderful language, ideal for beginners, and easy to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to inadvertently introduce potential problems and vulnerabilities. In this article, I will highlight the easiest to miss that can cause the biggest problems, how to avoid them and tools and services that help you save time doing so.

sqreen

Top 10 Ruby security best practices

Do you know those things that are simultaneously incredibly important to get right but incredibly easy to get wrong? That makes for an explosive combination. One such thing happens to be one of the hardest areas in software development: security. Security is hard no matter the language or platform. Today, we’re here to talk specifically about security best practices in Ruby.

teleport

SaaS Design Principles with Kubernetes

It seems like nowadays, every company is a SaaS company. We’ve even begun stratifying by what is sold, replacing the “software” in SaaS to whatever the product’s core competency is, search-as-a-service, chat-as-a-service, video-as-a-service. So, when we, at Teleport, set sail for the cloud after years of successfully navigating on-prem software, we came in with a different set of experiences.

styra

Using OPA for multicloud policy and process portability

How Open Policy Agent allows developer teams to write and enforce consistent policy and authorization across multicloud and hybrid cloud environments As multicloud strategies become fully mainstream, companies and dev teams are having to figure out how to create consistent approaches among cloud environments.

Best Practices for Securing Modern Cloud Native Applications with ActiveCampaign CISO

The benefits of cloud native development are undeniable – from rapid deployments to scaling operations. However, modern cloud native applications both solve and introduce new security risks at each layer of the application. Join Chaim Mazal, ActiveCampaign CISO, as he shares his experience in the cloud native space and offers tips for others. Mazal will discuss how he transformed ActiveCampaign’s security approach at each layer of stack – including 3rd dependencies, containerization, and infrastructure as code. Join us to learn the key strategies and unique insight for securing cloud native applications.
CloudCasa

Learn About CloudCasa - Kubernetes and Cloud Native Data Protection for Free

Would your team benefit from a simple and easy to use Kubernetes backup service that does all the hard work for you to backup and protect your multi-cloud, multi-cluster, applications and cloud native databases? A cloud-based service so easy to use that even developers won’t mind managing backups?

Featured Post

Six trends in operations management for 2021

2020 was an extremely challenging year for businesses in every industry and in every country across the world. Even those organisations that were able to find a way to continue to operate successfully through the pandemic found that their ways of working were impacted - often negatively - by Covid-19.
tripwire

Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager

Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has launched the AWS Secrets Manager, a service designed to help organizations get a handle on these “secrets” by storing and accessing them in a secure way.

forgerock

Accelerate Compliance of NIST SP 800-63-3 with ForgeRock

No matter how much security and interoperability it brings, the thought of ‘compliance’ always brings a resigned sigh. Yet, from the U.S. Federal Government (Fed) to state and local governments and educational institutions (SLED), complying with guidelines and standards is a must not only for security but for interoperability and cost reduction.

calligo

Could your IT managed service provider sign this? Have you even asked?

Our IT managed services team talks to dozens of new businesses every month, and they have noticed a new trend emerging. Over the last six months or so, more and more businesses are – without prompt – enquiring about our ability to keep their data safe. This is subtly and importantly different from our ability to provide managed security services. Or to protect their data from internal and external threats.

calligo

Calligo wins twice at the Digital Jersey Tech Awards

2021 is off to a stellar start for Calligo. At the Digital Jersey Tech Awards 2020 virtual awards evening, Calligo was announced as the Digital Growth Business of the Year for its achievements throughout last year, while Julian Box was named the Digital Leader of the Year. Calligo was named Digital Growth Business of the Year because of its growth in five key areas: UK expansion A fourth acquisition was also completed in 2020, this time in the UK.

detectify

Detectify security updates for February 8

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

sqreen

OWASP Top 10 Cheat Sheet

In recent times, hacks seem to be increasingly prevalent, not to mention severe. What’s more, it doesn’t matter whether you’re a small player or a big name corporation such as LinkedIn or Yahoo! If you develop web-based applications, there’s the strong possibility that your application is vulnerable to attack. Not sure why someone might attack your application?

tripwire

White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them?

Picture this: a young person is in a dark room. The only thing visible is their figure, as it is just barely lit by the blinding LEDs of their computer screen. They type furiously on an ergonomic keyboard as thousands of lines of neon green monospace text fly across the screen. Click-clack-click-clack-click-clack.

cyberint

ValidCC Shuttered - Another one bites the dust

On January 28, 2021 the dark web community was informed that “ValidCC”, one of the leading marketplaces for compromised payment card details, was unexpectedly closing its services for good. This happened less than a month after “Joker’s Stash”, another popular dark web payment card marketplace, announced its retirement.

cyphere

Sensitive Data and Examples | GDPR Personal Data

This is your go-to reference for examples of sensitive data, definition and GDPR personal data including how to identify, classify and protect sensitive data. Highlights It is now easy to access information relating to an individual from the north pole to the south pole with a fast-moving world. You have ever wondered how your personal information is protected or even handled?

netacea

Part One: The Rise of Scalper Bots

Scalper bots are designed to automatically purchase online goods. Generally, they do this by adding a product to a cart and completing the checkout process far faster than any human could hope to do so. They exploit vulnerabilities in websites to purchase goods before they are even listed as available to the usual human users of a website. Those using scalper bots have a huge advantage over non-bot users when it comes to purchasing limited-quantity items.

bulletproof

Biggest Cyber Attacks of 2020 & What We Can Learn From Them

There’s no doubt that the internet has made almost every element of our lives easier. Virtually everything now has an online presence, from multi-national social media goliaths to your local bakery. Though this has its advantages, it also creates risk. Convenience comes at a cost, and all too often consumers and businesses alike don’t pay enough attention to cyber security until it’s too late.

ioncube24

Weekly Cyber Security News 05/02/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Most of us after almost a year of regular lock-downs are experiencing cabin fever. In some cases it erupts in quite interesting ways – such as this one. I very much doubt it is a hacker, most likely an employee trying to release ‘tension’.

veracode

AppSec Bites Part 2: Top 3 Things to Consider When Maturing Your AppSec Programs

When it comes to maturing an AppSec program, there are several best practices that can help you get started. In part two of our AppSec podcast series, Tim Jarrett, Director of Product Management at Veracode, and Kyle Pippin, Director of Product Management at ThreadFix, share the top 3 things they’ve learned from organizations that have successfully matured and scaled their AppSec programs.

logsentinel

The Importance Of Security Logs For GDPR Compliance

GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going to review the “why” in addition to the “what”.

logsentinel

Using SIEM for Regulatory Compliance: Importance, Best Practices, Use Cases

Why is SIEM Important for Regulatory Compliance? A security information and event management (SIEM) system can improve the security of your business’ computer network with real-time automation, monitoring, logging and event alerts. By leveraging SIEM Software, your security team is able to track events concerning your company’s information security, such as potential data breaches, helping you to react in a timely manner.

alienvault

Intrusion Prevention Systems explained: what is an IPS?

The goal of every cybersecurity strategy is to stop cyberthreats before they have a material impact. This has resulted in many organizations seeking to be more proactive in their response to potential threats by employing solutions to detect and prevent specific types of cyberattacks by monitoring for the earliest indicators of attacks found within network traffic.

alienvault

Rooting out the cybersecurity risk in your CI/CD pipeline

When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade.

nightfall

CISO Insider S1E5 - "There's no one way to be a CISO" with Ross Young

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

cyberint

Turla - high sophistication Russian-nexus threat group

Believed active since 2004, if not much earlier, Turla is a high sophistication Russian-nexus threat group with espionage and intelligence gathering motivations targeting organizations worldwide. We have wrote about them in the past here. Known by many security vendor assigned names over the years including Turla Team, Uroburos and Venomous Bear, this bulletin provides an overview of Turla-attributed threats as observed over the past six months.

cygilant

Best-of-Breed Cybersecurity Technologies: What does this really mean?

For security professionals, the term “best-of-breed” is used at length to describe the latest and greatest technologies. Often seen as a buzz word, how do you tell if something is truly best-of-breed? In a haystack of cybersecurity vendors, how do you find the needle? That’s why today I ask: so what? I’ve heard it before, I’ve said it before, so what do we really mean by best-of-breed technologies? Cygilant is a cybersecurity services company.

cygilant

Cyberattacks & Remote Work: Services to Secure Your Endpoints

The requirement to secure endpoints has been increasing for the last few years. When the pandemic hit, those endpoints spiraled beyond many security professionals’ wildest dreams. But as our partner SentinelOne said: “Security fell to the backburner because a.) organizations assumed this would be short-lived, and b.) they figured they could circle back to security once everything was up and running.” So while security fell to the backburner, malicious actors seized the opportunity.

cyphere

What is PCI Compliance? Requirements, Maintenance and Fines

PCI is an information security standard for organisations that handle credit card transactions. It includes any entity that processes, stores or transmits credit card information. This standard is mandated by major credit card companies – Visa, Mastercard, and American Express – and administered by Payment Card Industry Security Standards Council (PCI SSC).

WhiteSource

Gray Box Testing Guide

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.

sqreen

Preventing SQL injections in Go (and other vulnerabilities)

Go has taken the programming world by storm. When it recently passed its ten-year anniversary, estimates suggested as many as 2 million people use the language. As that number continues to grow, common mistakes have emerged that can lead to bugs and security vulnerabilities. In this article, I will address some of them so you can arm yourself with the knowledge to write more robust, secure Go applications, and avoid SQL injections and other security issues.

How Internal Audit Can Raise the Bar on Fraud Risk Management

In a recent webinar, speakers from Kroll and Institute of Internal Auditors (IIA) Hong Kong discussed the findings from a global IIA/Kroll fraud risk survey. The findings of the research include perceptions of the effectiveness of a fraud risk management program in organizations, including prevention, detection and response; the tools used in the fight against fraud; instances of fraud versus perception; the tone from the top; and resourcing for successful fraud risk management in an organization.
styra

Open Policy Agent Graduating in the CNCF proves need for cloud-native authZ

We’re really excited to announce that Open Policy Agent (OPA) is now a graduated project in the Cloud Native Computing Foundation (CNCF)! OPA joins projects like Kubernetes, Envoy, Prometheus, Fluentd (and ten others) that the CNCF recognizes for achieving broad adoption by the cloud-native community and maturity in its development processes. As the creators of OPA, we couldn’t be prouder!

stackrox

What is KubeLinter?

The KubeLinter is an open-source command-line interface to identify misconfigurations in Kubernetes objects. KubeLinter offers the ability to integrate checks on Kubernetes YAML files and Helm charts before deployment into a Kubernetes cluster. With 19 standard built-in checks and the room to configure your own, you get immediate feedback about misconfigurations and Kubernetes security violations.

Octiga

Top 4 Security Pain Points in Office 365 and their Solutions

According to research by Spanning Cloud, a lack of expertise is one of the most significant issues with the company's Office 365 security and compliance strategy. When referring to Microsoft Office 365 security pain points, it is necessary to understand that the lack of security features in Office 365 is not the issue. The learning curve that follows with these features, is.

CyberSocial IV '21 and Over: A 2020 Threat Intel Recap & Look Ahead

The New Year is here - but what does the future hold for the world of cybersecurity and threat intelligence? Aylea Baldwin, Threat Intelligence Lead, Reddit Jonathan Couch, SVP Strategy, ThreatQuotient Justin Henkel, Director, Cyber Threat Intelligence, CME Group Kurtis Minder, Chief Executive Officer, GroupSense
alienvault

New 5G consumption trends demand a new approach to security

We are in the midst of unprecedented transformation – both business transformation and technical transformation. From a technology perspective, 5G will change where and how we harness compute power and promote unforeseen product and service innovation. Once 5G attains critical mass with a robust ecosystem, it will touch nearly every organization, promising new revenue potential across a myriad of industries.

outpost 24

What our attack surface study says about top retail applications

Retail and ecommerce web applications are big targets for hackers. Attack surface assessment is important to help build a complete risk profile of web applications and combat opportunistic hackers looking for vulnerabilities to exploit. Here’s how the biggest online retailers fare against the most common application attack vectors

reciprocity

ZenGRC Named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion

SAN FRANCISCO – February 4, 2021 – Reciprocity announces today that ZenGRC, the industry-leading information security risk and compliance solution, was named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion by Info-Tech Research Group’s SoftwareReviews. The Champion designation is awarded to the vendors that receive top user scores.

netwrix

Best Server Monitoring Software Tools

If you don’t know the state of your network and server health every second of the day, you’re like a blind pilot inevitably headed for disaster. Fortunately, the market now offers many good tools, both commercial and open source, for network and Windows Server monitoring. We’ve put together a list of best open source, free and paid Windows Server monitoring tools that have proven their value in networks of many sizes.

nightfall

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers.

nightfall

Looking ahead to infosec's biggest challenges in 2021

The Nightfall blog is a resource for information security professionals to learn more about the challenges we face in the industry. Every week, Nightfall publishes news and insights from the world of cloud security to help you stay current with the cybersecurity world and better prepare for threats before they become serious problems. In January, we hosted two additional infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke.

netskope

This is the Year We Strengthen Cybersecurity Through Collaboration

Cybercrime pays no regard to international borders, and effectively fighting cybercrime is a process that has always relied upon countries collaborating and sharing data. As geopolitical manoeuvres have cast uncertainty around some of our established mechanisms for collaboration, many in this sector have felt a degree of trepidation heading into this year.

forgerock

How to Compare Workforce IAM and IGA Providers

Without question, comparing workforce identity and access management (IAM) and identity governance and administration (IGA) providers is a massive undertaking. The stakes are high to meet digital transformation requirements, support and secure a remote workforce, and be prepared for future disruptions. And, sadly, ramifications of a poor IAM and IGA purchase decision live long.

bearer

What the CPRA Means for the CCPA

In the fall of 2020, voters in California approved the California Privacy Rights Act (CPRA). Touted as California Consumer Protection Act (CCPA) 2.0, the CPRA is more an addendum and expansion of CCPA rather than an entirely new law. Think of it as an update that fixes unclear parts of the previous law and adds new systems to better handle the existence of the law itself. As there are a few “breaking changes”, the 2.0 moniker is pretty apt for those in the software world.

synopsys

How to integrate automated AST tools in your CI/CD pipeline

The benefits of application security (AppSec) tool integration in the continuous integration/continuous delivery (CI/CD) pipeline are greater the earlier (the “further left”) you perform them in the process. Development organizations are continuing to shift left to implement security earlier in the CI/CD pipeline. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, and their purposes in different phases.

logz.io

Case Study - Spearphishing Compromises Fuel Chain Credit Card Transactions, Ends in Ransomware

Credit card attacks typically target point of sale (PoS) terminals at retail locations such as stores, restaurants and hotels. In the early stages of the COVID-19 pandemic, in-person retail activity greatly diminished, forcing criminals to seek other targets and to virtualize their operations.

styra

Styra and Amazic partner to accelerate growth in EMEA

In order to meet the increasing demand for OPA in EMEA, Styra and Amazic have signed a distributor agreement. With Amazic network of partners and resellers, Styra will significantly increase the reach and ability to support OPA users across the region. I’m excited to announce that Styra is now partnering with Amazic in Europe! Amazic empowers the IT individual by providing them with a unique platform of brands to discover, learn, purchase and market the latest IT technologies.

alienvault

Card-Not-Present fraud (CNP): Five things retailers can do to protect themselves from CNP attacks

Cybercriminals have been well ahead of the curve when it comes to cybersecurity in the online retail industry. Specifically, criminals have been exploiting changes in purchasing behavior that favor online transactions and adapting their methods to take advantage of the authentication challenges arising when a card is not present (CNP) at the time of the transaction.

tripwire

REvil, Ryuk and Tycoon Ransomware: How They Work and How to Defend Against Them

It is the Tuesday morning after a long weekend. You come into work early to get caught up on emails only to find you are completely locked out. You have been hit by a ransomware attack. You ask yourself, “What happened? And how do I fix it?” This post will explore three of the most significant ransomware families of 2020: Tycoon, Ryuk and REvil.

siemplify

Introducing the State of Remote Security Operations [Survey Research]

Security operations professionals are constantly being forced to adapt, whether it is to the latest threat evolution, adversary techniques or changing attack surface. Until this year, they had at least one reliable routine: the ability to collaborate in person. Then COVID-19 disrupted the status quo and forced security analysts, engineers and others to remote settings. Teleworking naturally delivered havoc to security operations programs and teams, but to what extent?

armo

Don't get attached to your attachment!

As a product manager, I am always concern about the value my customers will get from the product, and this is my main focus. In order to achieve this, I often meet with customers and talk about pain points, problems,offer a solution, see how the product can help. In the past few years, one of the items that get raised in these discussions is not related to any pain pointor feature requirement, it is the attachment method when dealing with K8s security.

zeronorth

It's Time to Understand Risk in The Software Supply Chain

By now, everyone has heard about the malicious December 2020 attack on SolarWinds’ Orion software platform, which affected the US Treasury, US Department of Commerce and the cybersecurity company FireEye, among others. While the breach itself sounds too massive to believe, we don’t have to look far to find the culprit. All it takes is one small security hole to open up a world of trouble. The question is, when will we learn our lesson?

veracode

Embracing the Digital Shift: Implementing DevSecOps in the Cloud with AWS

To keep up with increasing time and productivity demands in software development, it’s important that organizations are staying on top of their digital shifts through rapid technology adoption and the prevention of common snags in application security (AppSec).

appknox

How Healthcare Can Combat Cybercrimes? | Appknox

One of the most crucial things for the healthcare sector during the ongoing global pandemic, amidst many other competing priorities, is keeping a check on its cybersecurity measures. During the first half of 2020, HHS or the Department of Health and Human Services recorded a 50% increase in cybersecurity breaches in the field of healthcare itself.

logsentinel

Using SIEM for Simplifying PSD2 Compliance

In today’s dynamic world, the fifth generation of global wireless technology (or as we know it, 5G) is driving innovation in the financial sector, and the global pandemic is changing everyone’s lifestyle and payment habits, online payments become more and more important. Against this backdrop, the most dominant tendencies are mobile and online banking, as well as investment banking.

sqreen

What it takes to build great product documentation

Though it is rarely the shiniest, most exciting, or most innovative part of a software product, documentation most definitely has an impact. You can be sure that a poorly documented product (I’m sure anyone reading this can think of at least a few examples) makes a distinct impression on users as they flail about in a frustratingly shallow, contradictory, incomplete mess of tautologies.

Snyk

The State of Cloud Native Application Security survey-2021

Cloud native application security—or CNAS for short— is our passion here at Snyk. CNAS focuses on the security of your code, open source dependencies, container and infrastructure as code. Snyk is expanding on our annual State of Open Source Security report, by adding a new report in which we take a holistic view of the overall application developers work with on a day to day basis.

CloudCasa

CloudCasa Security Overview

As a developer of copy data management and data protection products for 20+ years, Catalogic Software has considerable experience in securing and protecting our customers’ data. For our new CloudCasa backup service for Kubernetes and cloud native databases, security is built into every step of the service using a modern DevSecOps approach. In addition, we are adding new capabilities to meet specific enterprise security and data custodian and governance requirements.

alienvault

Protection for your e-commerce needs

One of the biggest barriers to successful e-commerce business is protecting user data. If online shoppers don’t feel their information is safe, they won’t make a purchase. Luckily, there are actions you can take to secure your own e-commerce experience, whether you’re running a digital business or shopping with one. These protections make e-commerce safer at a time when it’s desperately needed.

siemplify

How SOAR Fits Into the Zero Trust and MITRE ATT&CK Frameworks, Featuring Forrester Research [Video]

Security operations teams that continue to rely on manual processes are squarely sitting behind the proverbial eight ball. The times are a-changing – only hurried along by the COVID-19 pandemic – and Forrester’s Joseph Blankenship and Chase Cunningham are here to share their perspective on the future of the SOC as part of a four-part series with Siemplify.

nightfall

How to Create a Cloud Security Framework

Protecting your valuable information is a multifaceted process that requires a layering of tools, policies, and approaches to ensure proper data loss prevention. In addition to having a range of network, endpoint and cloud DLP tools in place, businesses need a strong foundation of policies, guiding principles, and rules underpinning the approach to data security. A cloud security framework is part of this holistic approach to protecting your information in the cloud.

forgerock

The UK's Department for Work and Pensions (DWP) Tackles Fraud and Improves Service to Citizens with ForgeRock

The Department for Work and Pensions (DWP) is the United Kingdom’s largest government department. The organization is implementing an identity-based digital transformation in order to reduce fraud, keep costs down and help citizens more easily and securely access benefits. I had the pleasure of speaking with James Randall, the Lead Identity and Trust Architect for DWP, who gave us a peek into the department’s strategy and execution. Q.

wandera

How to protect remote workers from the surge in malware

The Great Pivot forced every business to adapt its operational model to enable mass remote access. In the first instance, priorities were geared towards business continuity, getting employees set up, and able to access the needed services. In the rush to do so, this will have led to improvisations and best practices being neglected, particularly security configurations. Some may have retraced their steps and revisited configurations to tighten up, but many won’t have.

ThreatQuotient's Anthony Stitt with Ticker News

[January 28, 2021] Check out ThreatQuotient's Anthony Stitt with online news channel Ticker TV. This interview explored the vital role employees play and how organisations can empower their employees in identifying and reporting cyber threats while also exploring the value of gathering internal threat intelligence within an organisation.