March 2021

tripwire

Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious hackers looking for opportunities to steal the data.

netacea

5 Online Shopping Security Tips to Protect Your Data

Protecting yourself when paying online is very important. It’s a scary thought, but fraudsters have lots of ways to sneak in and steal credentials, bypass security and make victims of online shoppers. As we have discussed previously on this blog, criminals don’t just rely on traditional “hacks” to exploit technology. Increasingly, bad actors are using sophisticated bots to exploit business logic in order to breach security and carry out attacks.

redscan

Redscan research suggests cyber security improvements in the NHS despite COVID pressures

The scale of the challenge facing the healthcare sector, even before COVID-19, was significant. In 2020, it became even more pressing with constant reports of critical infrastructure being targeted by cybercriminals. To understand the unique challenges within the NHS, we submitted a Freedom of Information (FOI) request to every trust in the UK.* The results, when compared with those in relation to a previous request in 2018, suggest improvements in cyber security across the NHS. Key Findings

nightfall

How To Conduct A Website Security Check

By one estimate, more than 30,000 websites get hacked every day. Viruses, malware, spam, and DDoS attacks constantly threaten your organization’s valuable information. Customers trust you to maintain website security; so how can you make sure your site is as secure as possible? Follow this website security checklist to make sure you have all your bases covered when it comes to securing your business site.

netskope

Defining Zero Trust Data Protection

The biggest fundamental shift in the era of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams focused on cloud must invest in the right technology to achieve more complete data protection, and we all need to ensure Zero Trust principles are applied everywhere data needs protection. At Netskope, we describe this as Zero Trust Data Protection. In its simplest form, Zero Trust means: Don’t trust the things you do not need to trust.

forgerock

Six Essential "Must Haves" for Your IoT Deployment

Too many vendor-based IoT blogs and articles go like this: These basic tenets are obvious and generally well understood by anybody in the orbit of IT. Missing here, however, is what are the essential elements that are needed to get your Internet of Things (IoT) project off the ground. What should you be looking for or careful not to miss?

synopsys

Medical device security in a pandemic world

The pandemic has put a lot of things on hold over the last year, but medical device security shouldn’t be one of them. The millions of medical devices that help keep people healthy—and in many cases keep them alive—have drawn mixed reviews from security experts since the internet happened. Even more so in the past year since the pandemic happened. There is just about unanimous agreement that the benefits of those devices outweigh the risks.

Create Users Within Veracode Security Labs or by Using Your Company SSO

In this video, you will learn how to create Security Labs users from within the Security Labs interface. Veracode Security Labs provides interactive training labs that give developers practical security knowledge. Security Labs teaches security and application security (AppSec) skills through hands-on experience. The lab-based approach to developer enablement can improve the time it takes to resolve findings and help developers avoid introducing flaws into the code.
logsign

How Does Insider Threat Detection Work & Why is it Crucial?

Attaining a strong cyber security posture is a multi-layered process and includes various essential components. Among those, insider threat detection holds unignorable importance. Therefore, it is crucial to obtain a deeper understanding of what insider threat detection is. Basically, an insider threat is a security risk that’s originated within the boundaries of the organization itself. Unlike outside attacks, insider threats are mainly caused by employees.

Episode 12 | Employee Training in a Virtual Environment

The pandemic has resulted in changing infrastructure for providing training to employees in this work from home limitation of large gatherings environment. This episode will feature a special guest to discuss how we partner to bring the highest level of security training to our clients – in a high-tech manner that we believe is best in class and exceedingly useful in today's environment.
Snyk

Application security automation for GitHub repositories with Snyk

Snyk provides a wide array of integrations and a pretty comprehensive API to enable you to deploy Snyk across the SDLC and monitor all the code your organization is developing. Of course – this is not always simple. At scale, ensuring Snyk is monitoring all your repositories becomes more challenging. As you grow, more code is added in the shape of new repositories. Not only that, existing repositories keep on changing.

alienvault

What educational institutions need to do to protect themselves from cyber threats

Educational institutions are reaping the many benefits and new possibilities offered by online learning, but these new methods of educational instruction come with serious cyber security concerns. These institutions are also a prime focus for hackers because they often host a lot of sensitive data about teachers and students. Furthermore, schools and universities are an easy target because not every teacher or professor is technologically savvy.

tripwire

Survey: 99% of Security Pros Struggling to Secure Their IoT & IIoT Devices

Organizations are increasingly introducing new Internet of Things (IoT) devices into their environments. According to Statista, the aggregate number of IoT devices deployed by organizations globally increased from 7.74 billion in 2019 to around 8.74 billion a year later. The market and consumer data firm reported that the next few years will see growth in all types of IoT devices, including Industrial Internet of Things (IIoT) offerings like smart monitors.

outpost 24

SAST, DAST, SCA: What's best for application security testing?

With a 43% rise in data breaches tied to web application vulnerabilities according to Verizon, enterprise security teams are looking more closely at how security controls can be integrated to DevOps without impacting productivity. But with so many automated security testing tools (SAST, DAST, SCA) on the market, it’s important to understand the difference and when to use them to ensure robust Application Security.

reciprocity

What is a Compliance Risk Assessment?

As global regulations for data privacy and cybersecurity continue to proliferate, the pressure for organizations to manage compliance risk grows. To meet the demand for greater compliance risk management and value for corporate stakeholders, compliance professionals must be sure they have a thorough understanding of their compliance obligations and potential vulnerabilities.

How SOAR Helps Service Providers Meet MSSP Challenges: A Conversation With Forrester Research

Joseph Blankenship and Chase Cunningham of Forrester Research joined Siemplify for a four-part video series. In the fourth and final part, the pair discusses the role of SOAR for service providers, how they can evaluate their own success, and what selection criteria should look like for end-users shopping for an MSSP – especially in the era of more demanding customers and the death of the “black-box” MSSP model.
netskope

Preventing Recent Microsoft Exchange Vulnerabilities and Similar Attacks Using Netskope Private Access

On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)

synopsys

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The Synopsys Software Integrity Group has been helping organizations find and fix vulnerabilities in their software for nearly a decade. And now it will be able to help them and the broader software industry even more.

cyphere

Most common types of cyber security attacks (includes threats & attack vectors)

The cyber threat landscape evolves every day following the most basic to more advanced types of cyber attacks that makes daily headlines. It is due to data breaches, causing reputational, financial losses and regulatory penalties. Our aim with this article is to update the reader on various types and categories of cyber attacks that help them make informed decisions about their business to identify what is important and how it should be protected.

veracode

Manufacturing Has the Lowest Percentage of High-Severity Flaws but Needs to Improve Time to Remediation

The past 12 months have been especially challenging for the manufacturing industry. The pandemic affected in-person manufacturing jobs as well as supply and demand, causing many manufacturing companies to shut their doors or lay off valuable employees. Recognizing the vulnerable state of manufacturing companies, cybercriminals saw manufacturing as an easy target. In fact, the manufacturing industry saw an 11 percent increase in cyberattacks in 2020.

Appknox 7th Year Anniversary!

This week #knoxtars celebrate our seventh year in business. During this time we have continually secured businesses across multiple industries to build a safer mobile ecosystem We wish to thank every single team member past and current, clients and partners who we have worked with us over the years. We take great pride in our work and look forward to helping your business grow & add more feathers to our cap.
logsign

How to Overcome the Challenges of Securing a Fully Remote Workforce

One of the most significant changes to come out of the COVID-19 pandemic is the shift to remote work. By late 2020, 58% of U.S. employees worked at home at least some of the time, and this trend will likely continue. While a remote workforce can bring several productivity and morale benefits, it also creates some security challenges such as cyber threats. Most companies’ cyber defenses are designed to handle a single, centralized network in one location with standardized devices.

devo

Using Devo to Stop Black Kingdom ProxyLogon Exploit

Black Kingdom is targeting Exchange servers that remain unpatched against the ProxyLogon vulnerabilities disclosed by Microsoft earlier this month. It strikes the on-premises versions of Microsoft Exchange Server, abusing the remote code execution (RCE) vulnerability also known as ProxyLogon (CVE-2021-27065[2]).

Snyk

Preventing YAML parsing vulnerabilities with snakeyaml in Java

YAML is a human-readable language to serialize data that’s commonly used for config files. The word YAML is an acronym for “YAML ain’t a markup language” and was first released in 2001. You can compare YAML to JSON or XML as all of them are text-based structured formats. While similar to those languages, YAML is designed to be more readable than JSON and less verbose than XML.

Snyk

Secure coding with Snyk Code: Ignore functionality with a twist

When scanning your code with our secure coding tool, Snyk Code might find all kinds of security vulnerabilities. And while Snyk Code is fast, accurate, and rich in content, sometimes there is the need to suppress specific warnings. Typical example use cases arise in test code when you explicitly use hard coded passwords to test your routines, or you know about an issue but decide not to fix it.

alienvault

Adaptive cybersecurity: 3 strategies that are needed in an evolving security landscape

Cybersecurity is no longer an outlandish concept to many business enterprise executives. What is still relatively unfamiliar to many organizations and their leadership, however, is the task of evaluating their cyber strategy and risk to determine how best to adapt and grow to stay secure while remaining competitive. Executives must initiate thorough evaluations of their existing cybersecurity strategies to figure out which types of new technologies and risk management strategies they need the most.

veracode

Veracode Hacker Games: The Results Are In!

The first ever Veracode Hacker Games competition has come to a close, but were the flaws in favor of our brave competitors? Read on to find out. Over the course of the two-week challenge, students from several universities in the U.S. and the U.K. came together to explore vulnerabilities and threats that they’ll one day face on the job.

Shape of the New | Global Art Market Webinar Series - Part 2: Regulation and Risk

Our two-part roundtable webinar series on the future of the global art market, features guests from Hauser & Wirth, HMRC, Demif Gallery and The Society of London Art Dealers. Presented by Gareth Fletcher of Sotheby’s Institute of Art, the series explores change and transformation in the art market, from new technologies, ways of viewing and buying art, and market supervision, to digital art crime, the rise of African artists, and the illicit trade in art and antiquities.
inetco

Fighting Digital Payment Fraudsters in Real-time: A Winning Framework (Part 2)

A customer walks into a bank, asks a question at the information desk, and then leaves. Later that day an operations manager notices an unmarked USB device left on the counter. He doesn’t remember who might have left it, so he plugs it into his computer to see if he can potentially spot the owner. As the USB loads, the malware shuts down the entire system, while the hackers get the bank’s customers’ account details.

tripwire

NIST SP 800-172 (Formerly SP 800-171B) Release Couldn't Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs.

cyberint

Black Kingdom Ransomware

Hot on the heels of 'Dearcry'[1], yet another ransomware threat has been observed as targeting Microsoft Exchange servers vulnerable to recently reported critical vulnerabilities[2]. Dubbed 'Black KingDom', this ransomware threat has reportedly been deployed through a web-shell that is installed on vulnerable Microsoft Exchange servers following the exploitation of the vulnerability chain that results in both remote code execution (RCE) and elevated privileges.

alienvault

SD-WAN vs. MPLS: how do they compare from a security perspective?

SD-WAN and MPLS are two technologies that are often perceived as either-or solutions. For many organizations, however, SD-WAN and MPLS can complement each other. This article will define and compare the technologies, explaining how, in many cases, they work together. We’ll also explore SD-WAN’s popularity and its role in enabling modern security architectures like SASE.

upguard

How to choose a Digital Risk Protection Service (DPRS)

Digital risks are an inevitable by-product of an expanding ecosystem, and an expanding ecosystem is essential to societies' progression into the fourth industrial revolution. This unsettling conundrum has given rise to a novel field of cybersecurity known as Digital RIsk Protection (DRP). But like all novel solutions, it can be difficult to identify the capable minority from the majority still finding their feet.

upguard

What is Digital Risk?

Digital risk refers to all unexpected consequences that result from digital transformation and disrupt the achievement of business objectives. When a business scales, its attack surface expands, increasing its exposure to outside threats. This makes digital risk an unavoidable by-product of digital transformation. Fortunately, digital risk protection strategies have been developed to mitigate digital risk so that organizations can continue confidently scaling their operations.

upguard

What is Digital Risk Protection (DRP)? You could be exposed.

Digital risk protection (DRP) is the practice of protecting organizations from cyber threats during digital transformation. Rather than reacting to cyber threats after they're discovered, cybersecurity strategies must shift to a proactive approach to protection. This is the key to supporting ecosystem expansion while mitigating risk.

synopsys

How to cyber security: Minimize risk and testing time with Intelligent Orchestration

Integrating AST tools into your CI/CD pipeline shouldn’t compromise your development velocity. Learn how Intelligent Orchestration can help. Sometimes it feels like software development is at the crux of the collision between an unstoppable force and an immovable object. The answer to putting security in every phase of development is partly process and partly automating and integrating security testing into the build and test phases of development.

cyphere

What is an SMB Port? How to check for open ports 445 and 139? SMB versions explained.

SMB stands for Server Message Block, once known as Common Internet File System, is a communication protocol for providing shared access between systems on a network. At a high level, it is a set of rules adopted to share files, printers in a network. SMB is a file sharing protocol that involves computers communicating with each other in a local network. This local network could be a small business within the same office or a multi-national company with offices around the globe connected to each other.

Snyk

SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your database. There are different types of SQL injection attacks, but in general, they all have a similar cause.

Are we forever doomed to software supply chain security?

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.
alienvault

Cybersecurity strategy.... To Plan or not to plan...That is the question

What is a strategy? As defined by Merriam Webster…. ‘a carefully developed plan or method for achieving a goal or the skill in developing and undertaking such a plan or method.’ A cybersecurity strategy is extremely important, but many organizations lack a strategy, or they have not kept their strategy and subsequent roadmap current. A strategy is especially important in this day of digital transformation and for key initiatives like Zero Trust.

tripwire

Average ransomware payouts shoot up 171% to over $300,000

Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and compares payment trends to previous years.

reciprocity

Reciprocity Named Leader on G2 Spring 2021 Grid Report for Sixth Consecutive Quarter

ZenGRC Designated ‘Leader’ and ‘Users Love Us’ Among GRC Platforms SAN FRANCISCO – March 25, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC solution, today announced ZenGRC™ earned two badges on the G2 Spring 2021 Grid Report. This marks the 16th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report.

netwrix

What Is the NIST Cybersecurity Framework?

With cyber threats rapidly evolving and data volumes expanding exponentially, many organizations are struggling to ensure proper security. Implementing a solid cybersecurity framework (CSF) can help you protect your business. One of the best frameworks comes from the National Institute of Standards and Technology. This guide provides an overview of the NIST CSF, including its principles, benefits and key components.

forgerock

Hybrid IAM: The Next Phase of Digital Identity

Today we published a new study* conducted by Forrester Consulting on behalf of ForgeRock and our friends at Google Cloud on the state of identity and access management (IAM) in the cloud. It’s a terrific read, and I encourage you to check it out. We introduce an emerging concept called “Hybrid IAM,” which we think is the next phase of digital identity.

bearer

What you need to know about DPIAs

Data protection impact assessments (DPIA), sometimes referred to as a Privacy Impact Assessment (PIA), are a tool used to describe how you intend to process and protect the personal information(PI, PII, etc) of individuals. Many forms of regulation including the GDPR and some compliance standards will require a DPIA depending on the risk levels associated with the data you are processing.

teleport

SSRF Attack Examples and Mitigations

Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.

styra

Styra DAS Free Expands to Include Custom Systems

As part of Styra’s vision for unified authorization, we founded the Open Policy Agent project (OPA) to make policy-based control of the cloud-native stack accessible to everyone. OPA has now grown to become the de facto standard for authorization across the stack, leading to a large part of the community looking for ways to manage the OPA policy-as-code lifecycle.

Snyk

Developer Driven Workflows - Dockerfile & image scanning, prioritization, and remediation

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting there are various tools and practices that you can incorporate into your workflow to make sure you’re catching and fixing any issues before they get into production.

How To: Build and Maintain a DevSecOps Culture

DevSecOps is the process of integrating secure development best practices and methodologies into development and deployment processes. Reliant on the fast development and delivery of agile software, businesses cannot afford to miss a step when it comes to keeping pace with the competition. However, when the next security breach is a matter of ‘when’ not ‘if,’ organizations are also ill-fated if they fail to ensure that their DevOps processes are just as secure as they are speedy.
alienvault

Stories from the SOC - Propagating malware

While freeware does not have monetary cost, it may come at a price. There may be limitations to freeware such as infrequent updates, limited support and hidden malicious software. Some freeware programs may have added software packages that can include malicious software such as trojans, spyware, or adware. It’s important to have additional layers of defense to provide that your environment is protected.

tripwire

How Tripwire Does Configuration Management Differently

So many times, we hear companies say, “Our tools are just like Tripwire’s,” “We do configuration management just like Tripwire” and “We can push out policy just like Tripwire.” But as we say, this just ain’t necessarily so. You might be able to do configuration management using a “Tripwire-like” tool. You might configure it and use it set up a policy or a configuration of a system.

netskope

Cloud Threats Memo: Keeping Sensitive Data Safe From Personal Instances

Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.

upguard

Overview: CyberResearch by UpGuard

UpGuard has launched an exciting new product called CyberResearch. This post summarizes the solution and its key features. CyberResearch is a suite of fully managed services, encompassing third-party risk and data leak detection. This world-first innovation is designed to further reduce the risk of data breaches while making it easier than ever before to scale your cybersecurity efforts.

cyberint

XR Money Rebellion Planning Movement Vs Banks, Financial Institutions

Extinction Rebellion (XR) is a London-based environmental group aiming at disruptive and nonviolent civil resistance. Launching their first public campaign in October 2018, XR centers their motives on resisting structures that dismiss climate change and degradation of natural resources[1]. XR has been notable in eliciting mass arrest, a Ghandian tactic that garnered them press coverage, funding, and attention from government agencies and policy bodies.

synopsys

Hacking medical devices: Five ways to inoculate yourself from attacks

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to. It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to—especially during a pandemic.

appknox

Top 5 Most Powerful IoT Security Testing Tools

The network of interconnecting devices to exchange data popularly known as the Internet of Things is evolving rapidly in the fast-paced industry of technology. However, advancement in IoT has also taken a toll on security. IoT Systems strive to enhance productivity, efficiency, and flexibility but also invite uncalled risks to the network. IoT Security stands as the need of the hour for secure and holistic development.

lookout

When legit apps turn malicious. (It happens more often than you think.)

A popular Android app Barcode Scanner was recently found to be infected with adware. After an update in late 2020, it started pushing advertising to users without warning. The QR code scanning app has been on the Google Play Store for years with over 10 million downloads and a high rating from users. So what happened? This actually happens pretty often.

logz.io

Case Study - Online Skimming Attack Facilitated by Work-From-Home Arrangements

In May 2020, Kroll was contacted by a purveyor of high-end meats after receiving several customer complaints of potentially fraudulent credit card activity. The fraud allegations were raised after several customers observed unauthorized transactions on their credit cards shortly after placing orders through the purveyor’s e-commerce website. Kroll quickly assigned one of their seasoned Payment Card Industry (PCI) forensics investigators to review and investigate the matter.

Third-Party Risk Management in Healthcare

Third-party risk management in the healthcare industry is getting increased attention (partly due to the worldwide Covid-19 pandemic) because of the new European rules and legislations concerning the Healthcare section. In this video, Matthew McKenna, President of International Sales, speaks about third-party risk management in the Healthcare space.

Hangin' with Haig: Conversations Beyond the Keyboard with Guest Simon Jones of Helping Rhinos

Behind marketing buzzwords, product pitches, and business cycles, the complex cybersecurity market often forgets about the force that makes our world turn: the people that are embedded within it. That’s why we’ve created a livestream series that isn’t a pitch or demo, but a highlight of a star player– whether it be a non-profit partner or SOC leader, who has a tale to tell.
alienvault

Cybersecurity and accessibility for Ecommerce platforms: Is it possible?

Ecommerce store losses to online payment fraud are expected to reach $25 billion by 2024, a new Juniper report reveals — up from just $17 billion in 2020. Undoubtedly, cybersecurity should be a top priority for ecommerce owners. At the same time, accessibility is another pressing concern, with the need for websites to comply with the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0 AA).

tripwire

Debunking Top Cloud Misconfiguration Myths

Do you remember all the apprehension about cloud migration in the early days of cloud computing? Some of the concerns ran the full paranoia gamut from unreliability to massive overcharging for cloud services. Some concerns, such as the lack of security of the entire cloud infrastructure, rose to the level of conspiracy theories. It is nice to know that those myths are all behind us. Or are they? It seems that many of the earlier misconceptions have been replaced with new notions about the cloud.

detectify

Detectify Security Updates for March 23

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

zeronorth

How DevSecOps Analytics & Reporting Can Help You Hit 3 Key Goals

With information comes power. The same holds true for the security initiatives we stand up. To gain the most value from an enterprise application security (AppSec) program—and to support a journey toward DevSecOps—organizations must find a single source of truth on the risk they face across the entirety of the application portfolio. How? Through better security analytics.

anlyz

How To Select A SIEM Solution For Your Business?

What is SIEM? SIEM stands for Security Information and Event Management that collects, aggregates, and analyses activity from different resources across the entire IT infrastructure of the organization. It collects security data from network devices, servers, domain controllers and more. It provides organizations with next-generation detection, analytics, and response. It provides information of utmost importance but the critical decision lies in how to choose the right SIEM solution for you.

anlyz

Reducing Response Times with SOAR-Integrated Threat Intelligence

Security teams tend to devote a considerable amount of time to investigating warnings that may or may not be "actual" attacks. A false positive occurs when a natural or non-threatening behavior is mistakenly interpreted as malicious. Thousands of warnings may need to be investigated as a result of this. If your security analysts are actively reviewing false warnings, they can spend a lot of time evaluating false alerts before they can start evaluating legitimate threats.

sqreen

Stored XSS, explained: How to prevent stored XSS in your app

Web applications are one of the most targeted assets these days because they’re both open to the internet and have a larger attack surface. Attackers find various ways to hack web applications. And among all of those techniques, some make it to the OWASP Top Ten list of security risks. Cross-site scripting (XSS) has been one of the consistent toppers of this list, and in this post, we’ll discuss in detail one variant of cross-site scripting—stored XSS.

egnyte

Bridging Cloud and On-Premises Content Storage in a Post-Pandemic World

In the last several years, companies have accelerated their cloud adoption and have invested time and resources to lift and shift their content, development and applications to public and private clouds. The onset of the global health crisis has further accelerated even the more traditional brick-and-mortar companies to invest in cloud technologies. Yet, we still see customers hosting content on on-premises repositories in spite of inexpensive per-GB cloud storage. Why is that?

CloudCasa Demo - Persistent Volume Backup Utilizing on Amazon EKS Cluster

Watch this video to learn how to easily set up backup and recovery jobs for your persistent volumes in Amazon Elastic Kubernetes Service (EKS). Start by adding your clusters to the CloudCasa service and defining backup jobs for your auto-discovered resources. Select from predefined backup policies for your persistent volumes and enable CSI snapshots to establish recovery points in time. Easily select and restore cluster resources and data from your backup data sets.
CloudCasa

Data Protection for SUSE Rancher Managed Clusters is Easy with CloudCasa

Why you Need Data Protection for Kubernetes Now that you have SUSE Rancher managing your Kubernetes applications, you need to consider how to further protect your application data. While Kubernetes is designed to provide a zero-downtime environment, service interruptions can happen, as well as human and programmatic errors and of course the dreaded ransomware and cyber-attacks.

alienvault

Texas power failures highlight dangers of grid attacks

In mid-February, a winter storm left more than 4 million people in Texas without power. These outages lasted days, leading to substantial property damage and even death, and they paint a grim picture for the future. Should a cyberattack successfully infiltrate U.S. power grids, the results could be deadly. The Texas power failures did not result from a cyberattack, but they highlight how destructive grid outages can be.

tripwire

CISO Soup: Data Breaches, Strategy and Cybersecurity Culture

For the longest time, those of us who occupy the role of the CISO have fought for our seat at the ‘big table.’ Although it appears some of us are being invited into the C-suite, there is still a long way for us to go.This is highlighted in a 2021 report provided BT, which places “CISOs under the spotlight” and illuminates some interesting and concerning issues that businesses need to address.

tripwire

6 Cloud Security Resources that You Should Be Using

It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture? Let’s first look at six cloud security guides that you should be using. These resources provide action items that you can take back to your team and use immediately.

tripwire

How Can the Trucking Industry Secure Their Telematics?

The trucking sector is essential to countless other industries. Without reliable transportation, supply chains would crumble, and companies and consumers would face shortages. With so much riding on it, it’s no wonder why the industry has fully embraced technology like telematics in recent years. Telematics refers to the suite of technologies fleets use to share data between vehicles and command centers.

outpost 24

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

A collaborative approach between SecOps and DevOps is key to any successful security integration - particularly as developers and security teams have different priorities from the get-go. In this blog we will share 4 tips for getting developers on board to enable true DevSecOps for your business.

nightfall

Identity and Access Management vs Password Managers: What's the Difference?

Identity and access management best practices dictate that an organization provide one digital identity per individual. That identity can be maintained, monitored, and modified as needed while the user works on different projects and in different roles. However, strong IAM requires the use of tools and platforms, in addition to the principle of least privilege, to keep valuable information secure. [Read: 5 Identity and Access Management Best Practices]

cyphere

What harm can computer viruses cause?

It’s often said that coders can make or mar the internet. They make the internet by creating great apps, websites, software etc, and can also mar the internet through malicious programs like viruses. Computer viruses are one of the most discussed topics by regular computer users. You must have found yourself discussing this topic one way or the other. However, many don’t know the details about computer viruses.

anlyz

Enabling Faster and More Efficient Cyber Security Incident Response With SIEM & SOAR

While bad actors have become more organized and sophisticated by refining their craft, they are not the only attackers a security professional needs to be concerned with in 2020. There are still opportunistic, less skilled hackers that utilize commoditized exploits. These attack strategies are made possible by leveraging resources that are highly profitable and simple to use, such as simple phishing kits or even ransomware-as-a-service (RaaS) tactics.

anlyz

Why Is SOAR A Good Bet For Fighting Mega Cyber Security Breaches?

Not many things keep company executives and heads of federal agencies up at night like mega cyber breaches do. Mega cyber breaches are not only on the rise, but are also becoming increasingly costly to treat. IBM found that a mega-breach can cost an organization anywhere between $40 to a whopping $350 million. There are two variables contributing to mega breaches, and these variables are spread among most organizations.

logsign

Everything You Need to Know to Secure Your Network

SCADA stands for Supervisory Control and Data Acquisition, and although it’s not likely to be the first thing to come to mind when discussing cyber security, it certainly should be. As its name implies, it is a type of software designed to supervise – controlling and monitoring – and collect data and well as analyze data for industrial processes.

logsentinel

Three Reasons Why CCPA Compliance May Require SIEM

CCPA, the recent legal privacy innovation in the US, has introduced a lot of requirements for online businesses. We have previously covered the principle of accountability in both CCPA and GDPR, and how an audit log of all data-related activities as well as handling user rights’ requests is important for CCPA compliance. But we sometimes get the question “Is your SIEM going to help us with CCPA compliance?” or even “Is SIEM required for CCPA compliance?”.

Shape of the New | Global Art Market Webinar Series - Part 1: Markets and Makers

Our two-part roundtable webinar series on the future of the global art market, features guests from Hauser & Wirth, HMRC, Demif Gallery and The Society of London Art Dealers. Presented by Gareth Fletcher of Sotheby’s Institute of Art, the series explores change and transformation in the art market, from new technologies, ways of viewing and buying art, and market supervision, to digital art crime, the rise of African artists, and the illicit trade in art and antiquities.

How Twilio Scaled through Dev-First Security and DevSecOps

As more organizations leverage cloud native technologies such as Kubernetes, IaC, containers and serverless – shifting left and adopting DevSecOps is a must-do. But how does it actually work in practice? Meet Twilio; a billion dollar unicorn that has mastered dev-first security. In this session, you’ll hear from Twilio’s Head of Product Security on how he built and runs an application security program that maintains high velocity outputs.
cyberint

Dearcry Ransomware Microsoft Exchange Exploited

Following high profile headlines of critical vulnerabilities affecting Microsoft Exchange servers, as detailed in our previous blog/bulletin[1], proof-of-concept exploits have become publicly available and appear to have been utilized by a financially-motivated threat actor in the seemingly manual deployment of a new ransomware threat dubbed 'Dearcry'.

netacea

Netacea discusses Bot Groups at Cyber Security Digital Summit

On 16th March Netacea sponsored the virtual Cyber Security Digital Summit where, alongside speakers from Blackberry, Thycotic and Disney, Netacea’s Head of Threat Research, Matthew Gracey-McMinn hosted a session for attendees. During the showcase, Matthew explored “Lessons Learned From An Invite Only Bot Group & Developing A MITRE-Style Framework for Bots”.

Utilizing Employee Monitoring For Operational Efficiency And Data Security

Join us in our latest episode hosted by Christines Izuakor and Anthony Lauderdale, Head of Cyber Defense at Zoom, as we discuss the evolution of Employee Monitoring Software, and how the technology can be utilized to increase operational efficiency in the new remote world. We also discuss Insider Threat Detection and how employees could be influenced by financial data to exfiltrate intellectual property.
bulletproof

What is PECR and when does it apply?

It’s hard to ignore the GDPR these days, with headline-making fines and regular news updates on the continuing impacts of data protection post-Brexit. Most business will be aware of what they have to do for the GDPR, with increasing numbers actively doing something about it. But there is another privacy regulation that UK businesses must comply with.

How to evaluate & select the right SIEM

In this webinar, we discuss how we evaluated and selected LogPoint SIEM. Cygilant is uniquely positioned to present this webinar as we select best-of-breed technology not just for us but for our customers. How we selected SIEMs to evaluate for our customers What criteria and considerations we use Why we decided to partnered with LogPoint Detection capabilities of LogPoint Real world customer use cases (Fitchburg State University) Benefits of best-of-breed tech combined with best-in-class service
synopsys

WLAN under fuzzing with Defensics

A wireless LAN (WLAN), also commonly called Wi-Fi, is a wireless local area network defined in the various IEEE 802.11 standards and certified by Wi-Fi Alliance. WLAN capability used to be listed using the name of the IEEE standard amendment that it supports. Now the Wi-Fi Alliance uses generational numbering for corresponding technology support: Wi-Fi 4 (for devices implementing IEEE 802.11n), Wi-Fi 5 (IEEE 802.11ac), and Wi-Fi 6 (IEEE 802.11ax).

wandera

Following best practice with the Cloud Controls Matrix

This week the Cloud Security Alliance (CSA) released the latest iteration of the Cloud Controls Matrix (CCM), the first major update in two years. The CCM is considered by many to be the go-to standard for cloud risk assessments. As part of best practice, all organizations should use the matrix when evaluating whether a cloud service meets their requirements. In this article, we provide an overview of the matrix, why it is important and how to use it in conjunction with other CSA tools.

logz.io

The 2021 Ransomware Landscape for Risk Managers (Q&A)

David Klopp, Managing Director in the Cyber Risk practice of Kroll, recently spoke at the first session of PARIMA’s Confident Response Series 2021. The series aims to fine-tune incident response preparedness and help risk managers understand the latest tactics, techniques and procedures from the most successful cybercriminals, leading to deeper collaboration with business partners and mitigation of technical, legal and reputational risks.

alienvault

Enterprise-Grade Mobility takes another step forward with new mobile security offers

Companies and organizations of all sizes need mobile technology built for the rigors of business—it’s a must for businesses seeking to stay competitive. Enterprise-grade mobility offers additional business options, features, and services, helping companies perform functions beyond just enabling employees to work remotely.

alienvault

What is a security operations center (SOC)? Explaining the SOC framework

If you’re responsible for stopping cyber threats within your organization, your job is more challenging than ever. The exposure to threats for any organization continues to escalate, and breaches are occurring every day. Consider: If your company doesn’t have a security operations center (SOC), it may be time to change that. In fact, a recent study indicates 86% of organizations rate the SOC as anywhere from important to essential to an organization's cybersecurity strategy.

tripwire

64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise

The FBI is reminding organisations of the serious threat posed by business email compromise (BEC) scams, declaring that it caused over $1.8 billion worth of losses to businesses last year. The newly-published annual cybercrime report from the FBI’s Internet Crime Complaint Center (IC3) reveals that it had received a record number of complaints and claims of financial loss – with internet crime causing more than $4 billion in losses.

netwrix

What Is FISMA Compliance? Key Requirements and Best Practices

It should come as no surprise that the federal government takes cybersecurity compliance quite seriously. After all, federal agencies manage massive stores of data related to national and international security and public health, as well as the personal information of most residents of the country. FISMA (the Federal Information Security Management Act) defines a set of security requirements intended to provide oversight for federal agencies on this front.

netwrix

HAFNIUM: Protecting Your Exchange Server from Data Exfiltration

In early March, Microsoft reported a large, coordinated attack that exploited critical vulnerabilities in Exchange Server 2010, 2013, 2016 and 2019 in an attempt to exfiltrate credentials and other sensitive information from organizations’ mailboxes. Microsoft attributed this attack to a sophisticated Chinese group code-named HAFNIUM. The first detected attempts date back to January 2021.

WhiteSource

The Internet of Things Is Everywhere. Are You Secure?

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos, the internet of things is all around you. The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet.

logsentinel

SIEM and XDR: The Same Thing Under The Hood

XDR (Extended Detection and Response) is a new trend by large security vendors, and too often people find themselves asking “okay, what’s the difference with SIEM?”. According to Gartner, the main difference is that it is natively integrated with products, typically from the same vendor, which helps in providing better detection and response capabilities. But let’s take a look into what this means in practice.

Integrating security automation in modern application development environments

Automating security has become fundamental to supporting the speed-to-market requirements of modern application development environments. In this video, you will hear from the security teams at Skyscanner and Red Venture on how they are automating application security as part of their application development environments, thus helping their development teams to prioritize and remediate vulnerabilities more effectively.
alienvault

Security checklist for using cryptocurrency in online casino transactions

Cryptocurrency (crypto) transactions are solely reliant on the online space. Billions of people have access to online platforms. The autonomy provided by cryptosystems exposes users to more danger as there are no centralized authorities. Thus, expert fraudsters such as hackers may be able to access your transactions via their computer.

tripwire

Security vs. Compliance: What's the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often the peanut butter and chocolate sit alone on their own separate shelves.

appknox

Vulnerability Management: Top 6 Best Practices for Developers in 2021

Companies with a presence on the internet and widespread networks are increasingly being targeted by malicious code writers. There’s ample evidence to suggest hackers and Advanced Persistent Threat (APT) groups routinely run campaigns trying to snare employees, contractors, etc. to steal data or hold it for ransom. Simply put, cyber threats and cyberattacks are on the rise.

Snyk

Backstage integration with the Snyk API

Backstage began life as an internal project at Spotify and was released as an open-source project in 2020. Its original intention was to be a central location where the company had a registry of all software they had in production but has since evolved into a much more advanced platform, including a plugins system that helps users extend the platform. This plugin system is a significant reason for Backstages success and drove adoption within the company.

tripwire

4 Strategies to Mitigate Pass-the-Cookie Attacks

Another year, another new set of cybersecurity threats to overcome, outwit and mitigate against. At the beginning of 2021, the cybersecurity world was informed by CISA (the USA Cybersecurity and Infrastructure Security Agency) of a spate of attacks targeting cloud environment configurations, supposedly occurring as a result of the increase in remote working.

tripwire

To Patch or Not to Patch in OT - That Is the Real Challenge

The objective of an organization when implementing cybersecurity controls is to eliminate risk, but this oftentimes involves settling for managing risk at an acceptable level. Each organization defines what that acceptable level is depending on several factors including the environment, the criticality of function, the asset type, etc. There are many methods and techniques that an organization can then use to manage this risk. One of the most commonly used methods is patching.

nightfall

3 BYOD Security Risks and Challenges

It’s estimated that over 50% of employees use their personal devices for some work activities. As more people use their personal smartphones or laptops to do their jobs, the security risks at an organization increase dramatically. BYOD — whether instituted as a formal policy or as an adaptation to the pandemic — opens a company’s systems and platforms up to hacking, data loss, and insider threat.

netskope

Cloud and Threat Report: Was 2020 the Year of the Malicious Office Document?

In the summer of 2020, there was a big, short-lived spike in malicious Office documents. The Emotet crew had been quiet in the spring and began leveraging their botnet to send extremely convincing phishing emails to their victims, often with a link to download an invoice or other document from a popular cloud service. Those documents contained malicious code that installed backdoors, ransomware, bankers, and other malware on unsuspecting victims’ computers.

upguard

How to Fix The Top 10 Critical CVEs That Can Lead To A Data Breaches

A typical organization’s environment consists of a myriad of applications and services, each with its own unique set of ongoing vulnerabilities and flaws that could ultimately lead to a data breach. This can make IT security and operations’ job difficult, as different departments and groups within a company may utilize specific software offerings to accomplish their job functions.

upguard

Don't get breached: Learn how to prevent supply chain attacks

Cybercriminals are surprisingly lazy. Hackers are continuously cultivating their methods to achieve maximum impact with minimal effort. The adoption of a Ransomware-as-a-Service model is one example of such an achievement. But perhaps the apical point of cyberattack efficiency was achieved with the invention of the supply chain attack. A supply chain attack is a type of cyberattack where an organization is breached though vulnerabilities in its supply chain.

upguard

Critical Microsoft Exchange flaw: What is CVE-2021-26855?

On January 6, 2021. Hafnium, a Chinese state-sponsored group known for notoriously targeting the United States, started exploiting zero-day vulnerabilities on Microsoft Exchange Servers. The criminals launched a deluge of cyberattacks for almost 2 months without detection. On March 2, 2021, Microsoft finally became aware of the exploits and issued necessary security patches. By that point, it was too late.

ekran

Zero Trust Architecture: Key Principles, Components, Pros, and Cons

Whom can you trust within your network? In the zero trust paradigm, the answer is no one. The zero trust approach to cybersecurity states that access should only be granted after a user is verified and only to the extent needed to perform a particular task. In this article, we take a detailed look at different approaches to zero trust implementation. We explore the basic principles of a zero trust architecture and consider the key pros and cons of this cybersecurity approach.

synopsys

Why should DevOps teams choose IAST?

No matter where you are in your AppSec program, IAST tools can grow and scale with your organization’s needs. DevOps principles and practices are continuing to be adopted by a wide variety of companies, and here at Synopsys we’re working with our customers to help them in this journey. When it comes to DevSecOps, we have a comprehensive portfolio of products and services to help build security into every DevOps environment.

cyphere

Different types of malware + examples you should know

Computers are machines driven by specific instruction sets governed by various rules and protocols known as operating systems. Just like the human body’s immune system is vulnerable to new viruses and their mutants, computers are prone to malware infections. We cover these basics and the different types of malware in this article. Malware in electronic devices can result in software vulnerabilities, which may affect legitimate programs in the system.

ioncube24

Stay Safe From Cyber Criminals With These FIVE Simple Steps

Those who are familiar with ionCube and ionCube24 will know we are big on security with our focus being on robust PHP code protection tools and website malware protection. But what about the daily cyber security risks which affect all of us? Cyber crime is a huge deal in the age of technology and not everyone will be as aware of tools we can use to protect ourselves or the tips we can consider every day to keep ourselves safe.

zeronorth

3 Simple Reasons Why Developers Should Become Security Advocates

If you’re a developer, it’s time to embrace security, not for the higher-ups or the tenacious CISO—but for yourself. Because at the heart of any successful DevOps initiative is you, the developer who drives the software agenda and deploys the code. This means not just nodding enthusiastically during security meetings but actually placing yourself, and the meaningful work you do, at the center of an effective application security (AppSec) program.

veracode

Automated Security Testing for Developers

Today, more than ever before, development organizations are focusing their efforts on reducing the amount of time it takes to develop and deliver software applications. While this increase in velocity provides significant benefits for the end users and the business, it does complicate the process for testing and verifying the function and security of a release.

logz.io

Effective Cyber Crime Investigations Demand Thoughtful Disclosures

The lifecycle of a cyber security incident can be broken up into three stages: investigation, remediation and notifications/disclosures, the latter often being the most complex, time consuming and costly. Disclosure challenges are compounded due to breach notification laws that require initial statements before the investigation is completed and the incident is fully contained. They can also stem from improper interpretation of digital forensics findings.

styra

Scaling OPA: How SugarCRM, Atlassian and Netflix Unified Authorization across the Stack

Open Policy Agent (OPA), now a graduated project from the Cloud Native Computing Foundation, has become the open-source tool of choice for millions of users, who leverage it as a standard building block for policy and authorization across the cloud-native stack. Given the flexibility of OPA — with practically limitless deployment options — it has been adopted for dozens of use cases across hundreds of companies.

Snyk

Automate container security with Dockerfile pull requests

Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you automatically fix issues in your Dockerfile to keep an up-to-date base image at all times.

Snyk

Defining Developer-first Container Security

Have you shifted left, yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does not provide developers with meaningful information.

alienvault

What is network segmentation? NS best practices, requirements explained

If you follow cybersecurity current events, you may know that the cost and frequency of a data breach continue to skyrocket. Organizations are constantly under attack, and the shift to remote work is only exacerbating the problem. According to IBM’s 2020 Cost of a Data Breach Report, most respondents are concerned that identifying, containing, and paying for a data breach is more burdensome today than ever before.

alienvault

Is automated vulnerability scanning the best way to secure smart vehicles?

To those who pay attention to such things, it seems like a new vulnerability in smart car systems is found every week. In 2020, the numbers beat all previous years. The inescapable conclusion is that smart cars are now among the favorite targets of hackers and APT (Advanced Persistent Threat) actors. One of the main reasons for this is the sheer number of different systems that the average connected car contains today.

tripwire

Navigating Transformation with Managed Cybersecurity Services

The coronavirus pandemic has added new layers to the threat landscape facing corporate security leaders in 2020 and going into 2021, as well. As businesses and workforces sought to adapt rapidly to remote working at scale, malicious groups and other threat actors began exploiting opportunities to target stressed people and systems with malware.

Secure the Supply Chain with Center for Internet Security (CIS) and Tripwire

Events like the recent Sunburst/SolarWinds and Florida water plant breaches serve as a reminder that the supply chain needs to be secured just as much as your organization’s in-house infrastructure. Protecting the supply chain is a matter of implementing the right cybersecurity controls to your multi-vendor environment, such as the 20 Center for Internet Security (CIS) Controls.
nightfall

Quick Guide to the Difference Between a Public and a Private Cloud

Cloud security. Cloud architecture. Cloud storage. As you start scaling your business, you know “the cloud” is an important element of your IT capabilities. But, it can be a little confusing to understand the ins and outs of “the cloud” — especially when it comes to using cloud-based tools for your company to work remotely. Before we get into private vs public clouds, let’s quickly establish what we mean by cloud computing.

netskope

Netskope Threat Coverage: DearCry Ransomware

On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.

appknox

Complete Guide on Man in the Middle Attack ( MITM ) For Mobile Applications

Businesses have known for a long time that there always are weak links in security, especially mobile security. The worse part is not that businesses get affected by these security issues, but the fact that public awareness is terribly low on how vulnerable this can be. The man in the middle attack has been one of the most exploited ways hackers have tried and managed to steal information and money.

logsentinel

Failed SIEM Projects And How To Avoid Them

You purchase a license (through an RFP process or not), the integrator comes, gathers information about your environment, two weeks later they come to set up the configuration and then you start seeing beautifully ingested logs from all across your environment, allowing you to define meaningful correlation rules. Well, of course, that’s nonsense. It’s never as smooth and straightforward, no matter what the vendor claimed in their datasheet or proposal.

lookout

The Future of Cloud-delivered Security: Lookout Acquires CipherCloud

Today Lookout announced that we’ve acquired CipherCloud, a leading cloud-native security company that operates in the emerging Secure Access Service Edge (SASE) market. The combination will create the industry’s first company capable of providing an integrated endpoint-to-cloud security solution.

Snyk

Solving Java security issues in my Spring MVC application

The Spring MVC framework is a well-known Java framework to build interactive web applications. It implements the Model-View-Controller architecture pattern to separate the different aspects of your application. Separating the different logic elements like representation logic, input logic, and business logic is generally considered good architectural practice.

Snyk

Docker Hub Authentication: Is 2021 the year you enable 2FA on Docker Hub?

Judging by the reactions I saw in the audience during my past talks on “Securing Containers By Breaking In”, as well as recent reactions on Twitter, not many know about Docker Hub’s fairly recent multi-factor authentication feature. In October 2019, in order to improve the Docker Hub authentication mechanism, Docker rolled out a beta release of two-factor authentication (also known as 2FA).

tripwire

What Does the HIPAA Safe Harbor Bill Mean for Your Practice?

Getting incentives for the best security practices is a win-win for all healthcare-related entities. For one, you are getting incentives, and secondly, you are making sure that you have a rock-solid defense in terms of security. Many organizations find that the rules and regulations that HIPAA entails are too extensive and overwhelming, however. What’s more, cybersecurity wasn’t a thing when HIPAA was introduced.

alienvault

Stories from the SOC - DNS recon + exfiltration

Our Managed Threat Detection and Response team responded to an Alarm indicating that suspicious reconnaissance activity was occurring internally from one of our customer's scanners. This activity was shortly followed by escalating activity involving brute force activity, remote code execution attempts, and exfiltration channel probing attempts all exploiting vulnerable DNS services on the domain controllers.

siemplify

Making Sense of a Ransomware Pandemic Amid a Pandemic

The vast majority of modern businesses rely heavily on optimized computer networks utilizing shared drives and remote connections. The threat that ransomware poses to this network configuration is second to none. 2020 was tough. The world found itself in unfamiliar territory. We faced the challenges of remote working and while doing so ransomware found a gateway to thrive.

netacea

The biggest bot threats to your brand in 2021

In our recent webinar Netacea’s Head of Threat Research, Matthew Gracey-McMinn and Head of eCommerce, Thomas Platt, delved into the top threats set to shape the bot landscape in 2021. 2020 saw an increasing number of bot-based attacks as everything moved online. From online shopping to working from home, the pandemic has changed the way we interact, communicate and consume. As internet activity increased, so did the opportunity to exploit users.

cyphere

10 steps to cyber security for your business

In this article, you will understand what cyber security entails and the breakdown of NCSC’s 10 steps to cyber security that you must know. During our third party security validation exercises or customer communication, we have often come across customers without an answer to ‘what actually their IT and security products are protecting’. It is vital to be aware of what is important, what to protect and how to protect before shopping for security products.

ioncube24

Weekly Cyber Security News 12/03/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I’m not going to make any snappy and witty remark over this one as I feel the horror everyone must have felt seeing the photos and aftermath. We never hope to have to enact a DR plan, and after being there many years ago when I had to, believe me it is not fun even when prepared.

Create and Manage API Service Accounts with the Identity API

In this video you will learn how to use the Identify REST API command to: Veracode REST APIs enable you to access Veracode Platform data and functionality using REST API programming conventions. The API provides endpoints for managing users, teams, and business units, using the create, update, read, and delete actions on their respective objects. It also provides a consistent way of onboarding teams by scripting the process from start to finish.
alienvault

A plea to small businesses: Improve your security maturity

Never have I been so compelled to help educate small businesses on the need for cybersecurity. On Saturday morning, March 6, 2021, I awoke to the Wall Street Journal article describing the Hafnium attack. This attack on Microsoft Exchange Servers was shared publicly on March 2nd with a patch for the issue released on Wednesday, March 3rd. This patch appeared to spark action from the hacker who ramped up and automated their attack for maximum scale.

reciprocity

CMMC vs NIST: What's the Difference?

If your firm is a government contractor working with the U.S. Department of Defense, or works anywhere in the DoD supply chain, brace for big changes in the cybersecurity requirements your business will need to meet. By 2026, the Defense Department will require its contractors to comply with new cybersecurity standards known as the Cybersecurity Maturity Model Certification — CMMC, for short.

netskope

Cloud Threats Memo: How Leaky Are Your Cloud Apps?

Leaky cloud services are a major concern these days. As more and more organizations move their data and applications to the cloud, ensuring new forms of collaboration and agility for their workforce, setup errors and misconfigurations (or even the lack of understanding of the shared responsibility model) pose a serious risk for the new, enlarged corporate perimeter. So far, in 2021, I have collected 12 major breaches fueled by cloud misconfigurations, and I wonder how many flew under the radar.

Product Demo | Managed Vendor Risk Assessments

Produce accurate vendor assessments using UpGuard's new Managed Vendor Risk Assessments module. Contact support@upguard.com to learn more UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.
forgerock

IAM 101 Series: What Is Hybrid IAM?

Cloud identity and access management (IAM) is a fast-growing trend that is predicted to extend well into the future. For example, Verified Market Research alone projects that, by 2027, the market for cloud IAM will be more than $14 billion. Yet, while the cloud-based IAM market is exploding, the reality is not all roses. In our last IAM 101 post, What are Hybrid IT and Hybrid Cloud?, we discussed the differences, benefits, and disadvantages of hybrid IT and hybrid cloud.

synopsys

Don't let supply chain security risks poison your organization

Supply chain security risks are not new, but recent headlines are a reminder for consumers to re-examine their security practices. The story about the guy who hit his mule between the eyes with a 2×4 to “get his attention first” so the beast would then obey his gently whispered commands is memorable because it uses humor to make a serious point: Don’t wait to get clobbered before you pay attention to exhortations about what you ought to do.

WhiteSource

Hitting Snooze on Alert Fatigue in Application Security

Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond. They can quite literally save a life. The same goes for severe weather alerts that warn of impending tornadoes or hurricanes.

wandera

Account Takeover (ATO) attacks and how to prevent them

As more businesses move IT infrastructure to the cloud, the threat of employee account takeover becomes more of a concern. If you’ve migrated to SaaS applications like M365, Zoom, and Salesforce, they are going to be exposed to the public internet, and fall beyond the purview of traditional network security technologies like a firewall.

sqreen

Preventing SQL injection in Node.js (and other vulnerabilities)

The database is an essential part of a web application. It’s where you receive and store users’ data, which you can then use to provide personalized services. As such, database security is an important part of every web application to ensure the safety and integrity of data collected from users. In this post, we’ll be looking at SQL database vulnerabilities in Node.js, like SQL injection, and how to prevent them.

teleport

CSRF Attack Examples and Mitigations

Cross-Site Request Forgery (CSRF) attacks allow an attacker to forge and submit requests as a logged-in user to a web application. CSRF exploits the fact that HTML elements send ambient credentials (like cookies) with requests, even cross-origin. Like XSS, to launch a CSRF attack the attacker has to convince the victim to either click on or navigate to a link.

idcentral

Onboarding in the Digital age & two must-haves in your tool kit

If COVID-19 pandemic has made anything obvious to the business community, it is that riding the digital wave is no longer an option for businesses to thrive in the long-run. While several giant enterprises have already switched to a completely remote set up, laggards are still trying to figure their way around justifying such a move. For smaller organizations, however, investing in a digital-first future might not be as easy.

devo

Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

inetco

Fighting Digital Payment Fraudsters in Real-time: A Winning Framework (Part 1)

A few weeks ago Seattle-based financial services and data management firm Automatic Funds Transfer Services (AFTS) suffered a serious ransomware attack. A gang called “Cuba” hacked and stole approximately 20 months’ worth of AFTS data, including financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents. The compromised data then was offered for sale on the dark web.

Snyk

Snyk Expands Into Asia Pacific Japan

At the beginning of 2021, I noted that Snyk was ready to soar. And soar we have…the rocket ship’s next stop? Asia Pacific and Japan (APJ). I would like to welcome Shaun McLagan, our new Vice President of APJ Sales, and our new partners Temasek, an investment company headquartered in Singapore, and Geodesic Capital, a venture capital firm that specializes in helping technology companies expand into Asia, to the Snyk family.

alienvault

Deepfake cyberthreats - The next evolution

In 2019, we published an article about deepfakes and the technology behind them. At the time, the potential criminal applications of this technology were limited. Since then, research published in Crime Science has delved into the topic in-depth. The study identified several potential criminal applications for deepfakes. Among these categories, the following were deemed the highest risk: This list sparked the idea for this article.

tripwire

Combating Risk Negligence Using Cybersecurity Culture

With a growing number of threat sources and successful cybersecurity attacks, organizations find themselves in a tricky spot if they wish to survive cyberspace. Oftentimes, the adversaries are not the challenge; the obstacle is the organization’s culture. Just like culture influences who we are as a people, culture influences the cybersecurity tone of an organization. Every organization has its own unique fit and feel.

reciprocity

Reciprocity and ZenGRC Honored with Industry Accolades for Information Security Risk and Compliance

SAN FRANCISCO – March 10, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC solution, today announces ZenGRC has been named a winner of four 2021 Cybersecurity Excellence Awards. The company was also recognized as a Grand Trophy Winner, the top honor, along with four category awards by the Globee Awards 17th Annual Cyber Security Global Excellence Awards.

netwrix

Best Active Directory Management Tools

IT teams rely on Active Directory (AD) to keep networks secure and maintain user accounts — but they often need to adhere to strict budget limitations when it comes to selecting software to help. That’s why we’ve put together this list of the top free Active Directory management tools. Our picks focus on AD tools that will help you complete routine AD management tasks much faster so your team has time to focus on other priorities.

bearer

Tips for Implementing Privacy by Design

As builders of software we like to talk about user-centered design. We put ourselves in the mindset of the person using our app, service, or product. Successful user-driven companies bake this process into every part of their software lifecycle. It doesn’t stop at the initial research. Every decision is paired with the question: What about the user? The same approach can be taken when building with privacy in mind. The notion of Privacy By Design (PbD) does that.

synopsys

Get earlier, actionable vulnerability insights from Black Duck Security Advisories

The number of open source vulnerabilities discovered each year never seems to stop growing, emphasizing the importance of developers addressing them quickly and efficiently. However, simply identifying vulnerabilities is insufficient; their sheer scale makes it necessary to have an intelligent way of understanding which ones need to be fixed first to decrease the risk of a breach. For development teams in this environment, remediation prioritization and broad vulnerability coverage are critical.

wandera

How to protect Exchange Server with Zero Trust

The need for a Zero Trust security model has been highlighted in the recent Hafnium hack of Microsoft Exchange servers. Businesses of all sizes and industries have been impacted, with over 60,000 organizations hacked so far, and immediate action is recommended. Read on for guidance on how to remediate the threat and protect your business.

wandera

Four reasons why mobile is a good place to start your ZTNA strategy

Working from outside the office has become a necessity. Even before the pandemic, a huge percentage of the workforce (70% according to this article) wasn’t sitting behind a desk every day. People have moved away from the traditional mechanisms of interfacing with IT systems and mobile connectivity has never been more important. When we talk about mobile, we’re not referring to just smartphones, we’re also referring to SIM-enabled laptops, tablets, and IoT devices.

logz.io

Human Resource and Security Teams Should Work Jointly to Reduce the Risk of Cyberattacks

COVID-19 has not only changed the way we live but also forced many changes to standard business processes. This article will explore some challenges around human resource (HR) hiring, offboarding and contracting activities. As companies in multiple jurisdictions continue to look for advice from state and federal authorities on COVID-19 safe work plans, this article offers some security considerations from a physical security as well as cyber security perspective.

Snyk

Our Journey to Today

Today we came a step closer towards our ultimate vision – to empower every one of the world’s 27 million developers to develop fast while staying secure. On behalf of the entire extended Snyk family, every current and former employee, partner and customer, I’m humbled to announce that today marks another important milestone in the Snyk journey: the closing of our Series E funding round.

Fast or Secure? You can only pick two

In this live hack session with our partners Dynatrace and Cprime you see how developers and security teams can work together to integrate vulnerability management into Bitbucket workflows. Snyk's Simon Maple shows how the Snyk and Dynatrace integration delivers 100 percent visibility into risks anywhere in production, including third-party applications that haven't gone through pre-production inspection.
Featured Post

Security Monitoring and Risk Analysis for Office 365 - A maintainable Journey

The NIST framework tells us that it is crucial to treat security as both an action that is not a singular fix but a chorus of proactive and reactive measures. It also teaches us that it is a continuous journey. In this article, we shall apply these concepts of measures and continuous journeys to some real-world examples. Here we choose Office 365 as, for many organizations, it exposes the dominant risk surface.
Featured Post

Why cloud native apps need cloud native security

A cloud native approach to infrastructure and application development enables simplification and speed. Many of the traditional tasks involved in managing and deploying server architecture are removed, and high levels of automation deployed, making use of software-driven infrastructure models. Applications can be deployed at scale, be resilient and secure, while also allowing continuous integration technologies to accelerate development and deployment. Cloud approaches are set to dominate the future, most authorities agree: according to Deloitte, for example, global cloud spending will grow seven times faster than overall IT spending until at least 2025.
tripwire

How FIM Is More Than Just About Maintaining Compliance

The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001.

outpost 24

How to secure your cloud services with CSPM

As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).

reciprocity

What is Compliance Management?

Compliance management ensures that an organization’s policies and procedures align with a specific set of rules. The organization’s personnel must follow the policies and procedures to ensure compliance with the set of rules. These rules are based on legal, regulatory, and industry standards.The goal of the compliance management program is to reduce an organization’s overall risk of non-compliance with the legal, regulatory, and industry standards that apply to the business.

Stopping Ransomware in Its Tracks With SOAR: A Conversation With Forrester Research

Considering the speed and extent by which ransomware can topple an organization, what is the best approach for addressing this seemingly existential threat? Forrester Research’s Joseph Blankenship and Chase Cunningham shared insights with Siemplify CMO Nimmy Reichenberg as part of a four-part series with us.
redscan

Redscan a five time gold winner at the Cyber Security Excellence Awards 2021

The Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. Awards are given out based on a combination of the strength of individual nominations and a popular vote by members of the information security community. We were winners in the following categories: We also received a silver award in the Best Cybersecurity Company – Europe category.

netskope

A CISO's View of SASE

Traditional security programs were predicated on protecting the typically internally hosted technology infrastructure and the data within that environment. This led to an ecosystem composed of numerous discrete tools and processes all intended to detect adversaries and prevent harm. It included a multitude of controls spanning network and infrastructure security, application security, access control, and process controls.

veracode

Putting the Sec in DevSecOps

Whether a seasoned professional or a fresh computer science grad, every developer has his or her stressful moments of trying to dig through scanning results to mitigate or remediate a vulnerability. Since you work at the speed of “I need this yesterday,” it’s a hassle to slow down and fix flaws or even stop to rewrite code entirely. Effective AppSec today is about executing essential application security (AppSec) tests as you’re writing code.

veracode

Veracode Wins IT Central Station's 2021 Peer Award for AST

Veracode was recently named the winner of IT Central Station’s 2021 Peer Award for application security testing (AST). Winners were chosen based on reviews from verified customers to help prospective buyers make well-informed, smart business decisions. “Receiving positive feedback from our customers on the leading technology review site for cybersecurity, DevOps, and IT is a true testament to our products and services,” said Mark Bissell, Chief Customer Officer at Veracode.

lookout

On-prem or Cloud? Lessons from the Microsoft Exchange Attack

As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.

styra

Linting Rego with... Rego!

One of my absolute favorite aspects of Open Policy Agent (OPA) is the general purpose nature of the tool. While commonly seen in deployments for Kubernetes admission control or application authorization, the large OPA ecosystem includes integrations with anything from databases, and operating systems to test frameworks and REST clients for most common languages.

Snyk

10 Kubernetes Security Context settings you should understand

Securely running workloads in Kubernetes can be difficult. Many different settings impact security throughout the Kubernetes API, requiring significant knowledge to implement correctly. One of the most powerful tools Kubernetes provides in this area are the securityContext settings that every Pod and Container manifest can leverage. In this cheatsheet, we will take a look at the various securityContext settings, explore what they mean and how you should use them.

tripwire

Compliance - The Invisible Hand of Cybersecurity

Have you ever worked with a company that operates as “close to broken” as reasonably possible? Companies that follow that mindset usually do not have the most robust security practice, and they certainly will walk very close to the edge of compliance. Even if you don’t work in such a dysfunctional enterprise as described above, many companies still do not appreciate the interconnection of security and compliance.

cyphere

What is NIST Framework in risk management? How to implement?

In 2013, the U.S. President, Barack Obama, passed an order to boost cybersecurity. The order required the development of a risk-based cybersecurity framework for managing cybersecurity risks for essential infrastructure services. A framework was later developed through an international partnership between small and large businesses spearheaded by the National Institute of Standards and Technology (NIST). Here is a look at the NIST Cybersecurity framework and why it is essential.

detectify

Detectify Security Updates for March 8

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

teleport

Teleport Compared to AWS SSM Session Manager

Amazon’s AWS Systems Manager, better known as SSM to long-time AWS users, was announced at the end of 2017, replacing the similarly named EC2 Systems Manager that had launched a year prior. Similar to other AWS products, System Manager provides a broad spectrum of features instead of a focused and opinionated product.

Multi-Faceted Investigation Methodology

When incidents or traumatic events occur, there are a set of investigative techniques and methodologies that need to be deployed quickly and with the right expertise. In this episode of Kroll’s Security Concepts, three of Kroll’s investigative experts Marco De Bernardin, Francesca Castelli and Nick Doyle come together to discuss their experience with the lifecycle of investigations.
Octiga

Zero Trust Model for Cloud Security

(Guest Blog) For decades, companies have relied on perimeter protection solutions to restrict their digital resources. These included passwords to authenticate users, intrusion detection systems and firewalls. With time, passwords became inadequate in preventing unauthorized access, and most shifted to two-factor authentication systems like one-time SMS codes or tokens. This change significantly enhanced security, but the approach only focused on securing the perimeter.

netacea

Content scraping: How does it affect your business?

Content scrapers are automated bots that steal your content from websites and mobile apps for their own use without permission, usually for malicious purposes. Content scrapers typically copy all the content from a webpage and portray it as their own content. Bots can scrape all of the content on a website in a matter of seconds, even for large websites such as eCommerce sites with thousands of product pages. These bots can scrape public website information such as text, images, HTML and CSS code.

upguard

How to prevent supply chain attacks with Honeytokens

Honeytokens act like tripwires, alerting organizations of malicious threats lurking at the footsteps of their sensitive data. They're a very effective intrusion detection system. So effective, in fact, that the European Union Agency for Cybersecurity (ENISA) highly recommends their use in network security. If strategically distributed thought an ecosystem, honeytokens could event prevent supply chain attacks.

nnt

When Old News Is More Dangerous Than Fake News: Vulnerability Scan Blind Spots

Out of all the cat videos you could watch, how do you decide which one to view first? The beauty of social media is its real-time, democratic operation. Everyone gets to vote and the content with the most shares is the People’s Choice, rightfully ‘The Best’. But we now know this Facebook-era notion of ‘most popular equals best’ is open to abuse. It turns out that a significant proportion of social media interaction is in fact, manufactured.

logz.io

CVE-2020-10189: Zoho ManageEngine Vulnerability Still Dangerous Nearly a Year Later - The Monitor, Issue 15

Zoho ManageEngine Desktop Central is an endpoint management solution offered by Zoho. A server running this software can push updates to managed systems, remotely control and lock them, apply access controls and more. In March 2020, a remote code execution (RCE) vulnerability was identified (tracked as CVE-2020-10189) in the ManageEngine software due to the deserialization of untrusted, user-controlled input in the getChartImage function of the FileStorage class within the application.

Anatomy of a Data Breach - How to Protect Your Clients and Brand

Industry veterans Brian Lapidus and David White recently hosted a 40-minute dive into data breaches, how to expedite your response and what to expect when facing a breach of sensitive data, regardless of how it happens. The session was followed by live Q&A. Together, Brian and David have responded to thousands of data breaches worldwide and supported over 300 million customers safeguard their identity.

CloudCasa Demo - How to Install the CloudCasa Agent from the SUSE Rancher Apps & Marketplace

Watch this short video to learn how to install the CloudCasa backup agent on your Rancher clusters from the Helm chart in Rancher Apps & Marketplace. Use the CloudCasa free service tier to protect your cluster resource data and create and manage snapshots of your persistent volumes, with no limits on the number of snapshots, worker nodes or clusters.
alienvault

Tips for minimizing security risks in your microservices

Organizations are increasingly turning to microservices to facilitate their ongoing digital transformations. According to ITProPortal, more than three quarters (77%) of software engineers, systems and technical architects, engineers and decision makers said in a 2020 report that their organizations had adopted microservices. Almost all (92%) of those respondents reported a high level of success.

tripwire

Wall Street targeted by new Capital Call investment email scammers

Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. According to a newly published-report by Agari, scammers are seeking to defraud Wall Street businesses and their customers out of US $809,000 on average per incident.

siemplify

Sitdown With a SOC Star: 11 Questions with Cyrus Robinson of Ingalls Information Security

This installment of “Sitdown” shifts from the end-user world to the vendor world, where we schmooze with Ingalls Information Security’s Cyrus Robinson, whose upbringing exposed him to computers and later a stint in the U.S. Air Force got him hooked on cybersecurity.

nightfall

Yieldstreet protects PII in Slack with Nightfall DLP

Yieldstreet is an alternative investments platform that strives to democratize access to financial products historically only available to institutional investors. With Yieldstreet, there are investment opportunities available to both accredited and non-accredited investors looking to invest in funds in the litigation finance, marine finance, and art finance asset classes.

netskope

Cloud Threats Memo: Protecting Against Hancitor Distributed Through Malicious Office Documents

Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.

forgerock

IAM 101 Series: What are Hybrid IT and Hybrid Cloud?

Organizations are rapidly adopting hybrid IT and hybrid cloud architectures. In fact, Gartner predicts that spending on public cloud services in 2021 will total more than $304 billion. And, as it pertains to identity and access management (IAM), Verified Market Research projects that, by 2027, the market for cloud-based IAM will be more than $14 billion.

forgerock

It's an Amazing Time to Be in Digital Identity

ForgeRock has a rich history of transforming the digital identity experiences for the most successful companies on the planet. The announcement of Okta’s intent to acquire Auth0 underscores the importance of this market. It’s more exciting than ever to be part of ForgeRock as we execute on our mission of helping organizations create digital identity experiences that are frictionless and intuitive while still protecting the security of the enterprise in a Zero Trust environment.

synopsys

If you want to succeed in gaming, don't play games with security

Video game security risks are on the rise. Building security into your software development life cycle can help protect your reputation and customers. You’re supposed to have fun and relax when you’re playing video games—maybe with a bit of self-generated competitive stress. What you’re not supposed to do is have to worry about a hacker stealing your personal and financial information.

cyphere

Cyber security in universities: Threats, threat actors and defence

This blog post aims to provide an overview of the state of cyber security in universities and other higher education organisations. Security has been a challenge for a long time at schools, colleges and universities. Aligning ourselves with the glass-half-full attitude, these organisations and institutions have shown good progress with basic security controls. Information security is a prerequisite for various business dealings in the public sector, grant funding and procurement processes.

cyphere

Purple teaming: Bridge between Red Teams and Blue Teams

Although offensive and defensive controls work towards the same goal, how do you ensure red and blue teamwork follow a collaborative approach? The answer is purple teaming. There is a gap between the red team and blue team capabilities in multiple ways i.e. approach, methodology, tool-sets and timelines. Both teams must work collaboratively and constantly to maximise their company’s investment towards ongoing defensive improvements.

detectify

How to hack smarter and find critical vulnerabilities with the new fuzzing engine

There is a common tendency that the typical DAST scanner finds the easiest to locate known security vulnerabilities. If you need to find vulnerabilities that are more difficult to detect – you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.

veracode

AppSec Bites Part 4: What Do Teams Implementing DevOps Practices Need to Know?

The key to successfully implementing DevOps practices is relationships. It’s about breaking down the existing silos between different functions that deliver software, like development and operations. These functions need to work toward a common goal, efficient software delivery.

WhiteSource

Managing Security Debt: How to Reduce Security Deficit

Recent years have seen a sharp increase in the number of reported security vulnerabilities, along with quite a few notorious attacks on enterprise applications. Organizations have reacted by increasing their investment in AppSec and DevSecOps, including the widespread adoption of AST (application security testing) tools.

lookout

Why We Need More Women in Cybersecurity

To celebrate International Women’s Day on March 8 and the upcoming Day of Shecurity conference on March 23, I guest hosted the Lookout podcast Endpoint Enigma for an episode. I enlisted the support of my colleague Victoria Mosby to share our experiences navigating the cybersecurity sector. In addition to working as a federal sales engineer at Lookout, Victoria is also an active member of the Lookout Foundation and the Day of Shecurity initiative.

sqreen

Server-side request forgery (SSRF), explained

Web applications have become one of the most important assets for companies of all sizes. And due to this, they have also become a target. Web applications are getting more complex and bigger in size. This results in an increase in the attack surface for malicious actors. Bad actors are growing more skillful every day, and they use different tools and techniques to hack web applications.

teleport

In Search For a Perfect Access Control System

Every cloud has its own identity and access management system. AWS and Google use a bunch of JSON files specifying various rules. Open source projects like Kubernetes support three concurrent access control models - attribute-based, role-based and a webhook access control, all expressed using YAML. Some teams are going as far as inventing their own programming language to solve this evergreen problem.

idcentral

Nigerian fintech landscape

The saying “Good people, great nation” truly captures the essence of Nigeria- also known as the land of hope and opportunity. It is a nation that promotes healthy business growth with vibrant people with friendly energy expressed through diverse creative expressions. The development of the fintech industry in the past few years has been a shining star in the Nigerian economy, with the potential to shine brighter—even through the hurdles posed by the ongoing COVID-19 crisis.

devo

Choosing a Centralized Log Management Solution: Top 5 Criteria

In previous posts, we’ve written about two topics covered in the Devo eBook The Shift Is On, which presents the use case for centralized log management (CLM) in the cloud. First, we looked at the 5 best practices for security logging in the cloud. Next, we delved into the question of when your organization should adopt centralized logging. In our final installment, let’s examine the five key evaluation criteria for choosing the right CLM solution for your business.

stackrox

New Year, Better StackRox: Extending Our Lead in Kubernetes-Native Security

StackRox is continuing to shape the future of Kubernetes by enabling customers to build, deploy and run cloud-native applications at scale securely. In recent months, we have released several new, important features covered in this post, focusing on enhanced detection capabilities and simplified administrative workflows.

alienvault

Extended threat detection and response (XDR): Filling out cybersecurity gaps

Image source Business technology generally advances on a rapid basis, however, so do the cyberthreats that can endanger your security. According to BusinessWire, more than half of enterprises believe that their security cannot keep up, and according to IBM News Room, more than half of organizations with cybersecurity incident response plans fail to test them.

tripwire

MalwareTech, WannaCry and Kronos - Understanding the Connections

As Marcus Hutchins was on his way home to the UK after attending Def Con and Black Hat in Las Vegas, NV, the FBI arrested him. This event sparked immediate internet outcry, especially among the cybersecurity community, as Hutchins was better known as MalwareTech and had just made cybersecurity fame by stopping the WannaCry ransomware outbreak a few months prior. So, why did the FBI arrest a newly famous cybersecurity expert?

tripwire

PCI DSS 4.0 Is Coming - Are You Ready?

Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of industries.

netwrix

NIST 800-53: A Guide to Compliance

The NIST 800-53 standard offers solid guidance for how organizations should select and maintain customized security and privacy controls for their information systems. NIST SP 800-53 Revision 5 is one of many compliance documents you need to familiarize yourself with if you are working with information technology. This post breaks it down for you into digestible pieces that emphasize the standard’s practical meaning and application.