July 2021

netskope

Cloud Threats Memo: Watch Out for Google Forms Cloud Phishing

Google Forms is one of the preferred tools used by cybercriminals to quickly set up and deliver phishing pages. We have seen examples of Google Forms pages mimicking Microsoft Office 365 logins (one of the preferred imitated applications), financial institutions like American Express, and in general any applications. Despite the naïve layout, the tool is flexible enough to build an (un)realistic login page with few clicks.

forgerock

Six Terms to Up Your IoT Vocabulary

You know that uncomfortable feeling in the pit of your stomach when you didn’t study for the test and you think you’ll get a failing grade? You stare blankly at the test questions and feel completely lost and adrift. It’s like having a conversation with a colleague who casually drops a term or acronym related to the Internet of Things (IoT), and you suddenly find yourself on unfamiliar ground.

veracode

What Will Cybersecurity Look Like Over the Next Five Years?

As a result of the Covid-19 pandemic, organizations in all industries ramped up their digital transformation efforts to make online operations easier for their employees and customers. But with more and more organizations online, the digital attack surface is growing at a record pace. The more applications with vulnerable code, the more opportunities for a cyberattack. In fact, our research found that 76 percent of applications have at least one security vulnerability.

cyberint

HiveNightmare / SeriousSAM (CVE-2021-36934)

First coming to light as a local elevation of privilege vulnerability affecting pre-release versions of Windows 11 (Figure 1), subsequent investigations into the issue, namely sensitive registry hive files being accessible to all users when 'System Protection' is enabled, confirm that it also affects Windows 10. Initially dubbed 'HiveNightmare' and 'SeriousSAM' by security researchers, CVE-2021-36934 has been assigned to this vulnerability although the CVSS score has yet to be determined.

SecurityScorecard

Actionable Insights with SecurityScorecard Threat Intelligence Partners

Threat intelligence provides valuable insight into contextual business risk. You can gain insight into threat actors targeting your industry or information from your organization located on the Dark Web. According to one report, 79% of security professionals find threat data feeds essential to their organization’s cybersecurity posture. Additionally, 63% of respondents noted that they use feeds to ensure a better defense.

tripwire

A Cure for a Disheartened Cybersecurity Professional

Data breaches and ransomware attacks aren’t just still occurring. They’re also becoming more frequent. According to ZDNet, the number of ransomware attacks detected and blocked by one security firm grew 715% year-over-year in 2020 alone. Another security company calculated the total number of ransomware attacks for the year to be around 65,000, wrote NPR. That’s about seven ransomware incidents every hour.

netacea

11 of the worst data breaches in 2021 so far

It’s no secret that Covid-19 has accelerated the number of cyber-attacks and data breaches witnessed across the globe. Increased reliance on technology as the world worked, shopped and socialised from home increased the surface area for attackers, who capitalised on a growing amount of PII (personally identifiable information) available across the internet.

rezilion

Dogfooding It: How I Used Our Own Vulnerability Validation Technology to Kill 56 Container App Vulnerabilities Without Patching

As every responsible company does, we too scan our containerized applications for vulnerabilities before deploying them in production. In a recent scan, our security team found 56 high and critical vulnerabilities coming from container base-image and open-source components.

WhiteSource

The Complete Guide to Prototype Pollution Vulnerabilities

Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.

alienvault

More businesses lost larger sums of money to phone scams in past year

Fraudulent phone calls have been an issue for years, and they’re becoming more common. According to a recent report from Truecaller, 59.49 million Americans lost money to scam calls in the past year, costing $29.8 billion. These threats have risen in both number and cost, and businesses can’t afford to ignore this trend. Small and medium-sized businesses are popular targets for fraud, as they often have less security.

egnyte

Implement a Multi-layered Ransomware Defense Strategy

Ransomware. Nearly every day, we learn about another major attack on companies such as JBS, Kaseya, and Quanta, a key supplier to Apple. Along with the increase in attacks, recent reports have shown the average ransomware recovery cost skyrocketed to $1.85 million this year. And, as companies have become more willing to accept attackers’ ransom demands to restore their mission-critical operations, the average ransomware payment has jumped to more than $170,000.

siemplify

How to Reduce Noise and Fix Alert Fatigue in Security Operations [With Examples]

Have you ever noticed trees that are marked with spray paint? Now, I’m no tree spray paint marking expert, but it’s my understanding that different colors or symbols can signify different things, such as trees that need to be removed, are damaged but may survive, need to be treated, or are a danger to public utilities.

synopsys

Shift even further left with blazing-fast Rapid Scan SAST

Why fixing software issues as you code matters and how Rapid Scan SAST can help. It’s common knowledge that fixing bugs early in the software development life cycle (SDLC) is much faster and less costly than doing it later. However, did you know that developers prefer finding and fixing bugs as they code rather than getting a list of identified issues even just one day later?

teleport

Preventing Data Exfiltration with eBPF

To keep your business secure, it is important not only to keep the hackers from getting in but also to keep your data from getting out. Even if a malicious actor gains access to the server, for example via an SSH session, it is vital to keep the data from being exfiltrated to an unauthorized location, such as IP addresses not under your organization’s control. In considering a solution to protect against data exfiltration, it is critical to note that one policy does not fit all.

SecurityScorecard

5 Key Cybersecurity Considerations for Insurance Companies

The connected nature of business environments has increased the severity and frequency of cyberattacks in the insurance sector. Insurance companies face a greater threat than most industries because they deal with sensitive and valuable data stemming from numerous avenues. This has resulted in several high-profile cyberattacks on insurance providers over the past few years.

reciprocity

Why Are Ransomware Attacks on the Rise?

Since the Colonial Pipeline incident in May 2021, the word “ransomware” has been circulating in public opinion and even in recent remarks from President Biden and law enforcement, along with warnings about how this type of advanced cyberattack on companies and individuals should be avoided.  But what exactly is ransomware? Why are we suddenly talking so much about it now?

reciprocity

What Is Supplier Risk Management?

The risks that threaten your vendors and contractors threaten your company as well. Every additional party added to your supply chain expands the scope of your risk and creates more opportunities for your compliance program to fail.  Some new suppliers may be reluctant to be fully transparent with you about their own risks and security measures. Nevertheless, it’s crucial that you work with your vendors to keep all potential threats at bay.

tripwire

New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year. If passed, the bill could require certain U.S.

tripwire

IT/OT Convergence or IT/OT Integration?

IT/OT convergence is an oft-repeated term, and maybe it’s the wrong term. From a technology standpoint, IT/OT convergence has been occurring since at least the 1990s when HMI/Operator Stations began running on Windows and when Ethernet began displacing deterministic custom LAN protocols in the OT realm. This technology convergence has continued with networking, cybersecurity, virtualization, edge, zero trust, etc.

upguard

What is Wireshark? The Free Network Sniffing Tool

Wireshark is a free open source tool that analyzes network traffic in real-time for Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams. Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, and network analyzer).

zeronorth

What Is An Application Security Vulnerability and How Can It Hurt You?

A software bug, system flaw, security gap—these are all terms you may have heard in the world of application security (AppSec). Yes, they all mean slightly different things, but the reality is each one can lead to a vulnerability—which translates into a weakness that can be exploited to compromise the security of an application.

egnyte

Improve Data Governance for GxP-Compliant Repositories

The need to employ data governance over sprawling repositories is essential in any industry, but it is especially important for the life sciences. The amount and types of data produced are not easily reviewed and organized. The value and sensitivity of the data makes it a lucrative target for cyber attacks. Egnyte’s data governance features give you more control over your data integrity, data privacy, and data security policies across a multitude of public cloud repositories.

Snyk

Four steps for hardening Amazon EKS security

In the first part of this blog series, we explored deploying Amazon EKS with Terraform, and looked at how to secure the initial RBAC implementation along with securing the Instance Metadata Service. In this second post, we’ll look at more best practices to harden Amazon EKS security, including the importance of dedicated continuous delivery IAM roles, multi-account architecture for Amazon EKS cluster isolation, and how to encrypt your secrets in the control plane.

wandera

Pegasus spyware slipping into mobile devices unnoticed. Time to take mobile security seriously.

An investigation titled the Pegasus Project by 17 media organizations and Amnesty International’s Security Lab uncovered that surveillance software from NSO Group purportedly used by governments to target criminal and terror suspects is actively being utilized to target journalists, activists and dissidents. As a result, the security industry has dubbed this, the Pegasus Spyware, which bears a remarkably similar resemblance to the recent spyware activity surrounding FinSpy.

redscan

What is SOAR? And how does it improve threat detection and remediation?

SOAR (Security Orchestration, Automation and Response) refers to the convergence of three distinct technology markets: security orchestration and automation, security incident response platforms (SIRP) and threat intelligence platforms (TIP). SOAR technologies enable organisations to collect and aggregate vast amounts of security data and alerts from a wide range of sources.

alienvault

Setting the cyberscene: Leading with a security first mindset

Our current global landscape is testing resiliency. As organizations continue to shift to a remote work business model, the rush to digitally transform has created new and heightened cyber risk concerns. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate. In this blog, we will look to set the cyberscene and focus on a security first mindset.

tripwire

Last (Executive) Orders Please: Supply Chains, Policy and Modernising Cybersecurity

An EO is a written, signed, and published directive from the President that manages operations of the federal government, and although some EO’s require legislative approval, they effectively become law. It comes on the back of several high profile incidents involving Microsoft (Exchange), SolarWinds and the recent Colonial Pipeline incident. It is seen as a much-needed step to modernise and protect federal networks and improve information sharing between the private and US government.

tripwire

What is a SIEM, And Why Should You Have One?

SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified, holistic view of your infrastructure.

devo

How Devo Is Working with Google Cloud IDS to Deliver Greater SOC Visibility with Integrated Security Tools

As the only cloud-native logging and security analytics platform that enables organizations to take full advantage of all of their data to run and secure their business, Devo is committed to working with other leading security technology providers to bring advanced capabilities to our customers. That’s why we’re pleased to announce an integration with Google Cloud IDS.

ThreatQuotient

Are You Prepared for the Surge in Ransomware?

Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis.

styra

OPA, Styra and Terraform: protect your cloud investment

The shift to cloud-native has transformed the way organizations do business, keep up with the competition and meet the demands of customer expectations. From the infrastructure that maintains IT operations to the applications that supply customers with the ability to interact with their data, the velocity in which DevOps teams have to deliver these services has significantly increased, leaving little to no room for error.

Snyk

How Snyk is normalizing authentication strategies with Gloo Edge

Snyk supports multiple authentication (authN) strategies on its APIs. Historically, API keys have been the primary form of authN, but more recently we introduced support for authN using signed JWTs produced as a result of an OAuth integration. This is currently in use by both our AWS CodePipeline and Bitbucket integrations. In the beginning, Snyk began with a hub and spoke architecture with a central monolith making authN decisions.

rezilion

Rezilion Wins Globee in the 6th Annual 2021 American Best in Business Awards

Rezilion Named Winner in the 6th Annual 2021 American Best in Business Rezilion announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named Rezilion Prioritize, a winner in the 6th Annual 2021 American Best in Business Awards. The American Best in Business Awards are open to all organizations with at least one or more offices in the United States of America. All organizations operating in the U.S.A.

siemplify

CrowdStrike and Siemplify: SOARing with the Falcon is Now Easier Than Ever

Combining security orchestration, automation and response (SOAR) and endpoint detection and response (EDR) is a no-brainer. CrowdStrike has been the greatest evangelist of the 1-10-60 security benchmark (that’s one minute to detect a breach, 10 minutes to triage it, and 60 minutes to contain it), and with most companies falling considerably short of this benchmark, automation and orchestration can bring you that much closer.

zeronorth

When DevOps as a Service Meets Security

DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing and maintaining DevOps tools and infrastructure, policies and processes are handled centrally, much of it automated, by a specialist team and provided – as a service – to all the development teams across the organization.

netskope

July 2021 Netskope Cloud and Threat Report

The July 2021 Netskope Cloud and Threat Report is the latest installment of our research analyzing critical trends in enterprise cloud use, cloud-enabled threats, and cloud data transfers.  Enterprise cloud usage continues to rise, driven by collaboration and consumer apps, a continuation of a trend that started at the beginning of the COVID-19 pandemic and continues through today, as 70% of users on the Netskope Security Cloud continue to work remotely.  At the same time, attackers continu

lookout

Protect Yourself from Powerful Pegasus Spyware

Note from the author: This write-up is meant to provide an overview on Pegasus, why you should be concerned, how Lookout can help protect you and what actions security admins should take. For additional information, please read our full technical report. Lookout Customers: If you believe your organization or one of your employees has been compromised by Pegasus, please reach out to our support team immediately.

nightfall

Is Microsoft Teams HIPAA Compliant?

Microsoft Teams, and subsequently Microsoft, likely need no introduction. The popular collaboration tool launched in 2016, providing organizations with a powerful way to communicate and share information within the Microsoft ecosystem. Tools like Teams have only become more important post-COVID with teams being hybrid, decentralized, and distributed.

SecurityScorecard

What is Digital Risk Protection (DRP)?

Technology is always changing, and as it does, businesses are constantly adopting new technologies to streamline their business processes and improve deliveries of goods and services. With those new technologies, however, comes risk. Every new technology opens up a business to digital threats. Sometimes those threats come from the untested nature of leading-edge technology, and sometimes those threats are simply associated with the learning curve of users within an organization.

tripwire

Top 5 NCSC Cloud Security Principles for Compliance

There are many important factors to consider when choosing a cloud provider for your cloud use cases. For organizations in heavily regulated industries, compliance with relevant regulations is one of the most important things to think about. Whether you’re planning for a single cloud workload or a hybrid multi-cloud setup, maintaining compliance for sensitive data in the cloud is imperative.

tripwire

CISO Interview Series: How Aiming for the Sky Can Help Keep Your Organization Secure

Organizations need the right internal personnel like a CISO to keep their systems and data secure. But what kind of skills do these leaders need? And how should they guide their employers in a way that doesn’t overlook the evolving threat landscape? To find out, I spoke decided to speak with Goher Mohammad. Goher is the Group Head of Information Security (CSO) for L&Q. He has held that position there for just under three years.

upguard

What is UPnP? Yes, it's still dangerous in 2021

UPnP (Universal Plug and Play) is a service that allows devices on the same local network to discover each other and automatically connect through standard networking protocols (such as TCP/IP HTTP, and DHCP). Some examples of UPnP devices are printers, gaming consoles, WiFi devices, IP cameras, routers, mobile devices, and Smart TVs. UPnP can also modify router settings to open ports into a firewall to facilitate the connection of devices outside of a network.

veracode

Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.

nightfall

ICYM: 4 lessons for securing codebases from secrets exfiltration

Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

Encryption in the Enterprise: What gets encrypted

In this webinar cut, we are going to review what kind of data should get #encrypted in the #enterprise. 👨‍💼 About the Speaker Bozhidar Bozhanov is co-founder and CEO at LogSentinel. He is a senior software engineer and solution architect with over 10 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He is one of the top-ranked users in Stack Overflow and his tech blog is recognized as one of the top Java developers blogs by international online media.
cyphere

What is Data Leakage? Data Leak Prevention Tips

Data leaks can happen in many ways, and they’re surprisingly common. For example, a company might be hacked by cybercriminals; someone may lose their laptop with sensitive information; employee records could get lost during the relocation process. It doesn’t take much for sensitive information to get into the wrong hands. In fact, research has found that more than half of all data leakages come from human errors like typos and lost files.

Snyk

Why you should upgrade to Maven version 3.8.1

If you are working in the Java ecosystem and building your applications with an older Maven version, this message is for you. Check your Maven version by typing mvn -version! If you are still running on an old Maven version like 3.6.3 or below you definitely need to upgrade to version 3.8.1 because of security reasons. Be aware that to run Maven 3.8.1, Java 7 is required. Luckily we found out in the JVM Ecosystem report 2021 that not many people work with Java 6 or below.

cyphere

Physical Penetration Testing: Top 8 attack methods and tools (2021)

Physical penetration tests are meant to simulate real-world scenarios to help assess the vulnerabilities and risks that could compromise a company’s physical security. Specialists often carry them out in this field who know how to access sensitive information, bypass controls, intercept network traffic and EM waves and more! Physical penetration testing is a vital part of any company’s security.

reciprocity

What Are Supplier Management KPIs?

Key performance indicators (KPIs) are how organizations measure success. Supplier management KPIs assure that value is received for the money spent with suppliers and vendors while keeping one eye on cost savings. When evaluating your organization’s supply chain, you can review several areas, such as: Supplier management across the entire lifecycle can be difficult because of the sheer number of vendors and suppliers a corporate organization typically uses.

nightfall

The NIST Cybersecurity Framework: Security Checklist And Best Practices

The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.

bulletproof

Security measures for data protection

All of us take our personal security very seriously – after all, when was the last time you left your house without locking your front door? Sadly the same can’t be said for the care we take about our personal data – both our own, and that of other people. But personal data is an integral and unignorable fact of life, and we need to ensure we’re taking care of it in both our personal and professional lives.

synopsys

Synopsys Defensics R&D team places second in 5G Cyber Security Hack 2021 event

The Synopsys Defensics R&D team put the Defensics fuzz testing tool to the test in the 5G Cyber Security Hack event and placed second in the competition. Finnish transport and communications agency Traficom, together with challenge partners Aalto University, Cisco, Ericson, Nokia, and PwC, organized the 5G Cyber Security Hack, which was held June 18 to 20, 2021.

nightfall

Prevent secrets, credentials, and PII leaking in application logs with the Nightfall Developer Platform

Infosec leaders have a lot of corners to cover in their cybersecurity strategy. When crafting the tactics and onboarding the platforms that will protect sensitive information, the checklist of requirements could be missing a very important vector for attack, compliance risk or data loss: application logs.

nightfall

Preventing data loss in data warehouses with the Nightfall Developer Platform

Data warehouses power your data analysis and business intelligence operations so you can level up your knowledge and progress toward bigger business goals. Like any key component of your tech stack, using data warehouses effectively also requires care and caution — especially when uploading and sharing sensitive information.

logsentinel

SQL Injections: Is There a Way for Real-Time Tracking and Prevention?

SQL injection (SQLi) is one of the most common code-injection techniques used to get information from one’s database. Generally speaking, this is malicious code placing in one’s database via a page input, most often a registration form. SQL injection usually occurs when you ask a user for input, like their username/user ID, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

logsentinel

SAP Security Monitoring and Why Is It Important

Security is a key element required by any enterprise technology for ensuring business success and growth as well as trust in their buyers. But where to start in setting up a security posture in your SAP environment? As a security specialist, you know your customers are usually only a click away from your services and products. Your clients might only notice technical deficiencies and will not get into detail about the security aspects of all the systems you use.

netskope

Netskope Enhances Its Leadership Position in Latin America

Netskope recently announced that we have closed a new round of financing of 300 million dollars, which was led by ICONIQ Capital and a group of existing investors, including Base Partners, a technology-focused expansion capital investment firm based in São Paulo, Brazil. Following this over-subscribed round of funding, Netskope achieves a post-payment valuation of $ 7.5 billion.

netwrix

How to Set and Manage Active Directory Password Policy

With cyberattacks exploding around the world, it’s more important than ever for organizations to have a robust password policy. Hackers often gain access to corporate networks through legitimate user or admin credentials, leading to security incidents and compliance failures. In this article, we will explore how to create and maintain a strong and effective Active Directory password policy.

appknox

Appknox Webinar: Secure Coding Practices to Prevent Vulnerabilities in SDLC

Continuing on the successful webinar journey, last week Appknox hosted a webinar on "Secure Coding Practices to Prevent Vulnerabilities in SDLC." Focusing on secure coding best practices, our experts busted several myths and misconceptions regarding mobile app security in the webinar and highlighted several client-side misconfigurations which generally go unnoticed by the app developers.

SecurityScorecard

Taking the Pain Out of Vendor Risk Assessments

Supply chains are an essential part of today’s on-demand economy. However, they also expand your ecosystem, increasing the threat surface that you need to secure. While compliance assessments document vendor controls and enable you to manage third-party risk, responding to and completing them takes time. These delays can make your procurement team feel like you’re trying to disqualify their vendor.

WhiteSource

How Packages' External Resources Threaten Your Supply Chain

Many developers already know that in some ecosystems, open source dependencies might run their custom code from packages when they are being installed. While this capability can be used for both good and evil, today we’ll focus on a legit use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.

tripwire

US offers $10 million reward in hunt for state-sponsored ransomware attackers

The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure. The news of the reward comes at the same time as the White House announced it was setting up a ransomware task force following a series of high-profile attacks in the United States.

Outpost24 and Secure Code Warrior integration

Added links in Outpost24 Scale DAST tool to Secure Code Warrior for findings with a CWE. Where an Appsec finding is linked to a CWE we have introduced direct links to Secure Code Warrior eLearning training platform. This gives users the ability to understand what the vulnerability is and more importantly how to address these findings within their development process. Customers do not have to be customers of Secure Code Warrior (SCW) to enjoy the learning modules presented, though customers who are SCW customers may get further insights as well as tracking scores and other metrics.
zeronorth

Learn How Powerful Metrics Can Help You Manage AppSec Tools and Risk

Bugs and flaws in software are common and unavoidable. In fact, about 84%[1] of software breaches happen at the application layer, which means organizations looking to build secure software must use at least a handful of application security (AppSec) scanning tools to test their code—from code commit to build to deployment.

Protect Your Retail Supply Chain Against Cyber Attacks

The consumer goods and retail industry stores customer data in various digital platforms across multiple third-party vendors. This environment is perfect for cybercriminals to look for weak points to gain access to valuable customer data. Oftentimes, cybersecurity teams are focused too much on securing their own organization from the outside. As hacker techniques become more widespread and sophisticated, organizations must be able to see not only their own security posture but also their third parties’ from the viewpoint of the hackers’. What do hackers see and where are the weak points?
siemplify

Sitdown with a SOC Star: 13 Questions With Axel Schulz of the University of Toronto

Today we are joined by Axel Schulz, who, like a few others who have graced the “Sitdown With a SOC Star” series space, did not enter the security operations field in a traditional way. And he wants to scream that fact from the rooftops, as it just may encourage others to not overthink their previous experience and eventually help close the incontrovertible talent deficit facing the industry. He’s also fanatic about threat detection & response, playbooks and bicycling.

netskope

How to Build Your Cyber Crystal Ball Using Step-by-Step, Systematically Modeled Threats

2020 was a tough year. As security leaders, we faced new challenges in protecting applications and users who were shifting rapidly off-premises and into the cloud, and our security teams’ workloads grew at an unprecedented rate. In 2021 and 2022, CISOs need to prioritize ensuring that we’re focused on the right things.

inetco

The Global Real-Time Payments Evolution

In June, our team participated in The 2021 Payments Canada Summit, Canada’s premier payments conference. One of the main topics raised at The SUMMIT was the future of payments: why real-time payments (RTP) will be a game-changer for Canadians and the financial industry. The trend towards instant and faster payments is a global one. While Real-time Rail (RTR) is expected to go live in Canada in 2022, other regions have been using RTP for several years.

Snyk

Devoxx4Kids: Empowering young Java developers and creating future industry stars

Recently, we released the JVM Ecosystem Report 2021. This annual report is full of interesting facts about the current state of the Java ecosystem. If you haven’t seen it yet, you should give it a read. Don’t forget to download the full PDF for all the insightful information.

alienvault

Meaningful security metrics

Security metrics are vital for you as a security leader to track the progress of your security program and have effective risk-focused conversations with business and operations stakeholders. Security metrics pave the way for security initiatives, facilitate resource, help communicate resource allocation and help communicate results with relevant stakeholders throughout the organization.

SecurityScorecard

What is Zero Trust Architecture? 9 Steps to Implementation

As more companies migrate to the cloud, the way that companies protect data changes as well. In a traditional on-premises network architecture, companies were able to follow the “trust but verify” philosophy. However, protecting cloud data needs to take the “never trust always verify” approach. Understanding what a Zero Trust Architecture is and how to implement one can help enhance security.

logz.io

Growing Threat of DDoS Attacks by Extortionist Threat Actors

Kroll experts have noticed an increase in distributed denial of service (DDoS) attacks by cybercriminals seeking to turn a profit in two distinct incident types. First, many ransomware operators are now threatening and conducting DDoS attacks as an additional pressure tactic during the ransom negotiation process. Second, also known as ransom denial of service (RDoS), attackers threaten DDoS attacks that will take down an organization’s public-facing services unless a ransom is paid.

cyphere

What is LDAP Injection? Various types with examples and attack prevention

LDAP is a way for organisations to store user credentials and use them later. It provides access control as well as mechanisms to read and modify data. If the LDAP server isn’t properly configured or secured with another layer of protection, then it could be vulnerable to an attack called LDAP injection. However, you can only protect your applications if you: 1) know what LDAP is and 2) understand what can go wrong with it.

logsentinel

Kaseya Ransomware Attack: How It Affects MSSPs and SMEs, and What to Do to Prevent It

A cybercrime organization with Russian origins called REvil claims to have infected 1 million systems across 17 countries. It is now demanding $ 70 million in bitcoins in exchange for a “universal decryptor” that will return users’ access. Hackers targeted the US IT company Kaseya, and then used that company’s software to infiltrate the victims’ systems, using a zero-day vulnerability.

netacea

Why API testing is critical for today's business applications

An application programming interface (API) enables communication and data exchange between two separate software systems. The application (or service) layer sits between the presentation and database layers and lays out the rules of how users can interact with services, data or functions of the application. API testing is a software testing practice that tests the functionality, reliability, performance and security of an API.

Snyk

Tips for hardening your container image security strategy

In the first part of this blog series, we looked at security best practices for the base images which you might be using. But what happens to container image security when we add other things to it? Perhaps we’re installing additional software from upstream, and we’ve got custom applications of our own which might have their own dependencies also being installed.

rezilion

Streamlining the SBOM: What You Need to Know for Software Bill of Materials Creation and Maintenance

The Biden administration recently passed an Executive Order in the wake of another string of costly and embarrassing cyber attacks. Executive Order 14028 Improving the Nation’s Cybersecurity includes many new initiatives designed to share cybersecurity intelligence, modernize federal infrastructure, and improve the traceability and integrity of applications that store and process vital information. The last provision, laid out in Sec.

egnyte

Make Collecting, Storing, and Collaborating on Large Data Sets More Efficient with Egnyte for Life Sciences

Modern drug discovery and clinical trials produce a volume of data that can quickly overwhelm local storage and bandwidth capacity. Sequencing data, scanned source files, biostatistical (SAS, R, SPSS) databases, and DICOM imaging are all hard to store and collaborate on, especially with a distributed workforce. Egnyte’s platform has been facilitating secure sharing of files for over a decade, accelerating the ability to collaborate without sacrificing security.

netskope

The Network Leader's Punch List for Returning to the Office

Over the last year and a half, we all went through the monumental disruption of having just about everyone work from remote locations. We strained VPN infrastructure and out of necessity split tunnels became the norm, not the exception. Even if it meant the users were a bit more exposed, you really had no choice, as Zoom/Webex/Teams meetings can eat up bandwidth like nobody’s business. But now the users are starting to come back into the office, what’s the big deal?

veracode

Key Takeaways for Developers From SOSS v11: Open Source Edition

Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.

redscan

Kroll 2021 data breach outlook: "under-attacked" industries feel the heat

Kroll’s 2021 Data Breach Outlook has identified a 140% increase in data breach notification cases from 2019 to 2020. Industries such as healthcare, education and financial services, which were the most impacted in 2019, continued to be hard hit in 2020 and, so far, in 2021 too. However, the greatest increases occurred in industries that were generally spared in 2019. Data attacks became broader and deeper during the COVID-19 pandemic, a trend that has continued throughout the recovery.

tripwire

What are Product Security Incident Response Team (PSIRT) Best Practices?

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135. Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the small fix until the next release, more than 6 months later.

cyphere

What are Advanced Persistent Threats (APT attacks)

An Advanced Persistent Threat is a sophisticated (rarely) multi-staged attack carried out by skilled and well-organised threat actors such as organised cybercrime syndicates and nation-state actors. The majority of the times, Advanced Persistent Threats (APT) are nothing more than a fancy name with much more media frenzy around the topic of cyber attacks.

egnyte

Report: Data Management Trends in Life Sciences

Organizations in the life sciences industry need to maintain regulated data in compliance with a number of global data privacy laws. Ideally, compliance is automatically ensured, and data is easily categorized. But we all know that this is not always the case in a decentralized, dynamic environment. So, how are the leading biotechs efficiently and securely managing collaboration and data?

alienvault

Best practices for a secure ecommerce website

Ecommerce is a popular business model. Many people are getting into this business and looking for ways to secure early retirement from typical 9 to 5 jobs. With the right ideas and execution, there is a good chance that this will happen, but making it in eCommerce isn’t that easy as it was in the past. Yes, there are more options than ever in terms of delivery, logistics, storage, and creating an online store.

armo

Advanced Kubernetes Pod to Node Scheduling

In Kubernetes, the task of scheduling pods to specific nodes in the cluster is handled by the kube-scheduler. The default behavior of this component is to filter nodes based on the resource requests and limits of each container in the created pod. Feasible nodes are then scored to find the best candidate for the pod placement. In many scenarios, scheduling pods based on resource constraints is a desired behavior.

nightfall

GLBA Compliance Checklist: Keeping Financial Data Safe And Secure

GLBA compliance isn’t something to take lightly. These measures are strictly enforced by the Federal Trade Commission (FTC). In 2018, for instance, Venmo and its parent company PayPal reached a settlement after complaints about the company’s handling of privacy disclosures. The peer-to-peer payment app had 150 days to adhere to GLBA compliance, or it faced fines of up $41,484 per violation.

ThreatQuotient

ThreatQ Data Exchange Unlocks the Value of Industry Threat Intelligence Sharing

There’s no doubt that an analyst’s ability to efficiently share curated threat intelligence has a significant impact on the success of their organization’s overall security operations. In fact, this capability is so important that removing barriers to sharing threat information is the first requirement outlined in the Executive Order issued by the White House on May 12, 2021.

lookout

Don't Let Attackers Crumble Your Cookies: Electronic Arts Breach Lessons

Leading American video game company Electronic Arts (EA) recently disclosed a breach that resulted in the theft of hundreds of gigabytes of data. The exfiltrated information included source code and software that power popular games like FIFA and Battlefield. What’s notable about this attack is that the attackers gained access to EA’s infrastructure through stolen Slack cookies that contained cached employee login credentials.

Snyk

Managing Node.js Docker images in GitHub Packages using GitHub Actions

If you’re doing open source development today, chances are high that you’re active within the GitHub community — participating in open source projects and their repositories. A recent addition to the GitHub ecosystem is GitHub Packages, which was announced back in 2019 and is now receiving even more updates with the general availability of the GitHub Packages container registry.

synopsys

Intelligent Orchestration and Code Dx: Security superheroes

Building security into DevOps has its challenges. Address them with a modern approach to AppSec using Intelligent Orchestration and Code Dx. As a kid, I was fascinated by superheroes like Spider-Man and Superman, and now as an adult I enjoy watching Wonder Woman. There is something about these movies—all the superheroes are unseen and come to the rescue at the right time, and once they have helped, they just disappear without even taking any credit.

Image

SANS 2021 Report: Top Skills Analysts Need to Master

Organizations are steadily investing in and improving their security operations, leading to an unprecedented demand for security-related roles and skills. According to the U.S. Bureau of Labor Statistics, it is expected that information security analyst jobs will increase 31% from 2019 to 2029. With this, analysts are expected to be masters of the craft, or "all-around defenders." In this report, you will learn: Learn the skills security analysts need to master to make them successful by downloading the report.
Image

SANS 2021 Cyber Threat Intelligence Survey Report:

The past year has been filled with changes to almost every aspect of daily life, and cyber threat intelligence (CTI) work did not go untouched. CTI is analyzed information about the capabilities, opportunities, and intent of adversaries conducting cyber operations. Adversaries tend to operate in and across digital networks and equipment that shape and impact businesses, critical infrastructure, and people's daily lives. Even with the difficulties that 2020 brought, CTI work has continued to grow and mature.
SecurityScorecard

6 Strategies for Cybersecurity Risk Mitigation

This past year saw nearly a 300% increase in reported cybercrimes, according to the FBI’s Internet Crime Complaint Center (IC3). There has been a clear rise in threat volume and sophistication as many cybercriminals shift to techniques that can effectively evade detection and easily go after high-value targets. IoT devices are becoming a focus for threat actors, and threats related to credential harvesting and ransomware are also growing in number.

devo

Cloud Security Best Practices: Four Tips for Moving Security Technologies to the Cloud

In my previous post, I discussed cloud-computing security challenges identified in our new report, Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits. Based on a survey conducted by Enterprise Strategy Group (ESG), the report found that while cloud computing does initially introduce security challenges and increased complexity, it’s worth it in the end. That said, CISOs need to strategically invest time and resources to achieve better security outcomes.

reciprocity

Reciprocity Expands Partner Program

New IT Distribution Partner to Enable Simplified Support for VARs SAN FRANCISCO – July 12, 2021 – Reciprocity, a leader in information security risk and compliance, today announced it has expanded the Reciprocity® Partner Program to now enable InfoSec solution providers and Value Added Resellers (VARs) to develop and deliver innovative products and services supported by the award-winning ZenGRC® platform.

upguard

Critical Data Breach Stats for Australian Businesses in 2021

If you're an Australian business reading this, there's a 30% chance you will suffer a data breach. Such cutthroat statistics, as uncomfortable as they are to read, are important to be aware of if you want to avoid becoming one. To help you achieve a data-driven approach to cybersecurity, we've aggregated some of the most critical data breach stats for Australian businesses. This list also includes global data breach statistics that could be a window into Australia's future modified threat landscape.

Kaseya Ransomware Attack: How Did It Affect the MSSPs And What To Do To Prevent The Risk?

Kaseya #Ransomware Attack A #cybercrime organization with Russian origins called #REvil claims to have infected 1 million systems across 17 countries. It is now demanding $ 70 million in bitcoins in exchange for a "universal decryptor" that will return users’ access. Hackers targeted the US IT company #Kaseya, and then used that company’s software to infiltrate the victims’ systems, using a zero-day vulnerability.
detectify

Top 5 high severity CVEs detected by Detectify since June 2020

We’re going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings “from the streets” – even actively exploited vulnerabilities for which there aren’t yet any official vendor patches or updates.

synopsys

Reduce open source software risks in your supply chain

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain Modern open source software (OSS) is a movement that started in the eighties as a reaction to commercial software becoming more closed and protected. It allowed academics, researchers, and hobbyists to access source code that they could reuse, modify, and distribute openly.

forgerock

The Identity Brief: Why Going Passwordless is Even More Important Than You Think

Earlier this year, the ForgeRock Communications team came to me with the idea of doing a podcast. There are other Digital Identity centric podcasts already out there, so I wanted to figure out a way to make this one different and engaging. It starts with my co-host Fraser Wallace. We often joke that Fraser is the face of ForgeRock - he seems to be everywhere! When he’s not on stage hosting Identity Live, he’s behind the camera producing our awesome video content.

Empower Your Data Governance

Learn how Egnyte protects your organization’s sensitive content from vulnerabilities that can stifle your productivity, including Insider Threats, Ransomware and Data Breaches. You’ll also find out how Egnyte can help you to maximize your GDPR, CCPA, GxP and HIPAA compliance initiatives. To gain visibility into your sensitive content, sign up for Egnyte’s complimentary Data X-Ray today: pages.egnyte.com/Schedule-Complimentary-Data-X-Ray.html
teleport

RBAC and ABAC with AWS IAM

This is a guest blog post from Shuo Yang in his blog series “Transitioning to Programming the Cloud”, as a part of our blog posts focusing on Identity, Security and Access. We talked about how AWS CIP, STS and IAM can serve as the foundation of application authorization in our last post, i.e., how the application gets the temporary credential representing a specific role (i.e.

Featured Post

Measuring security for cloud native applications

Modern cloud-native applications - and the DevSecOps culture and practices used to manage them - introduce a fresh layer of challenges to the already thorny topic of security measurement. Historically, security has been typically measured on a regular but intermittent basis, at particular points in time. However, the pace of change at modern, cloud-native organisations, who've implemented DevSecOps and/or CI/CD, is relentless. Many deployments might be made in a single day, and the security posture of businesses might thus change dramatically over that time.
Featured Post

Remote possibility: how to help remote staff achieve better work-life balance

The Covid-19 pandemic has dramatically altered working experiences and what we consider to be normal. Almost every industry has been affected and businesses were forced to scramble to find ways of operating at such a difficult time. Things have begun to improve, and we may be through the worst of the pandemic, but it has had a lingering effect.
ioncube24

Weekly Cyber Security News 09/07/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Not a great week for a couple of large vendors. One, Kaseya is scrabbling for recovery with their customer base no doubt weighing up the legal cost of the attack. This article from the start just shows how little time it takes for an attack to be leveraged.

netwrix

[Infographics] Data Breach Statistics 2021

Cybercrime has been on the rise for years now, and it is not showing any signs of slowing down. Indeed, the arrival of the COVID-19 pandemic in 2020 just fueled the situation, and the number of attacks is escalating. Here are important data breach statistics that can help you better understand the risk landscape for 2021.

redscan

PrintNightmare (CVE-2021-34527): what is it and how could it affect your organisation?

But what is PrintNightmare, why are people so worried and what can organisations do to defend themselves? We address these issues and others in this PrintNightmare security advisory, which will be updated as new information becomes available.

logz.io

Addressing the Ransomware Attack Against Kaseya VSA Customers

On the afternoon of July 2, 2021, Kaseya reported that it had been impacted by a ransomware attack affecting its Virtual System Administrator (VSA) product and advised users to shut down VSA servers immediately. Initial reporting indicates this was a well-orchestrated supply chain attack impacting about 60 managed services providers (MSPs) and up to 1,500 client organizations by leveraging a zero-day vulnerability (CVE-2021-30116).

tripwire

98% of Infosec Pros Say Multi-Cloud Environments Create Additional Security Challenges, Reveals Survey

Organizations have multiple reasons for embracing a multi-cloud strategy. First, it enables them to avoid “vendor lock-in” where they need to rely on a single vendor for all their cloud-based needs. Second, it empowers them to take advantage of the perks offered by several cloud service providers at once. Lastly, such a strategy helps to protect them against data loss and/or downtime, as an issue in one environment won’t necessarily spill over into another.

tripwire

Lazarus gang targets engineers with job offers using poisoned emails

Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry. In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe.

cyphere

What is data security breach? Examples and prevention

Many compliance standards focus on protecting individual personal information and sensitive data in a world rife with cyber-attacks and data breaches. Now, companies need to make their systems immune to digital intrusion and prepared to reduce the attack surface for strong information security measures around private information. Data breaches are becoming a norm through the more and more rapid transition of physical businesses to online businesses and more online activities.

synopsys

Getting started with writing checkers using CodeXM

Writing a good checker can take a lot of effort. CodeXM makes writing certain types of checkers much easier. Static application security testing (SAST) is best described as a method of debugging by automatically examining the source code before the application is deployed. It provides an understanding of the code structure, finds quality and security flaws present in the code, and helps ensure adherence to secure coding standards.

rezilion

Rezilion Wins Globee in the 13th Annual 2021 Golden Bridge Business and Innovation Awards

Rezilion Receives the Golden Bridge Awards’ Silver Award for Startup of the Year in Security Cloud/SaaS ST. CHARLES, MO; JULY 06, 2021 – Rezilion, a leading autonomous DevSecOps platform, announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named Rezilion a winner in the 13th Annual 2021 Golden Bridge Business and Innovation Awards.

siemplify

6 Sessions That Wowed SecOps Pros at SOCstock 2021

SOCstock 2021 is now in the rearview mirror, but thanks to the magic of recording technology, you can still relive it in the present. The day was filled with thought provoking and trailblazing content, delivered by security operations professionals for security operations professionals, across enterprises and MSSPs.

Discover How Businesses Have Adopted Cloud Computing Security

Devo and ESG partnered to research the latest cloud security trends and adoption statistics. As cloud computing becomes more prevalent, it’s more important than ever to recognize how it will impact businesses and how cloud infrastructure security is more crucial than ever. Learn how SecOps teams can leverage new strategies to overcome challenges from cloud-shift
devo

Detection and Investigation Using Devo: REvil Ransomware Kaseya VSA

On July 3, 2021, Kaseya reported1 a potential attack against its Virtual System/Server Administrator (VSA) that apparently had been limited to a small number of on-premises customers. Kaseya recommended an immediate shutdown of the VSA server until further notice. The small number of affected customers grew to thousands in just a few hours.

netskope

Cloud Threats Memo: Preventing the Exploitation of Dropbox as a Command and Control

IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discovery, former Soviet Republics with multiple malware strains including Meterpreter, Poison Ivy, xDown, and a previously unknown backdoor called “xCaon.” Now, security researchers from Check Point have discovered a new campaign by Indigo Zebra, targeting the Afghan National Security Council via a new version of the xCaon backdoor, dubbed

egnyte

Customize Egnyte with Your Own Apps

Egnyte is excited to announce the ability for our customers to build custom apps for their domains. Now our customers can create apps with tailored actions and workflows that can help increase efficiencies and boost productivity. Create your own Application that uses Egnyte’s public API, giving you a full set of enterprise features while helping with compliance of industry standards like HIPAA and FINRA to ensure you are enterprise-ready on day one.

rezilion

Security Isn't Just a Hobby for Gaming Companies

Back in the 90s, gaming companies were mainly occupied with physical security and less with cyber threats. With single-player PC games or consoles like Sega, Nintendo, and PS1, the only perceived threat to gaming companies was someone burning CDs or using the notorious modchip that allowed potential customers to use illegal copies of their favorite games. As technology grew more advanced, gaming companies offered their customers a much more robust experience.

wandera

Roaming charges are back. Here's what you need to know.

Roaming charges are back! You can practically hear everyone jumping for joy. With lockdown restrictions easing, vaccination programs going well, and more and more countries being given the green light for travel, roaming charges are on the horizon. Since 2017, we’ve been able to enjoy domestic phone tariffs when traveling in the EU. Then Brexit happened and this guarantee disappeared.

netskope

Demoing the Netskope and Mimecast DLP Integration

Protecting the data of an organization is a complex task. Data is the crown jewel of any organization which the adversaries continuously seek to get their hands on. Data is threatened both by external attackers and internal threats. Sometimes the threats are malicious, and in many cases, they are accidental. Both these cases have to be addressed by modern enterprise security departments.

Hangin' with Haig: Conversations Beyond the Keyboard with Guest Mark Bartlett

Behind marketing buzzwords, product pitches, and business cycles, the complex cybersecurity market often forgets about the force that makes our world turn: the people that are embedded within it. That’s why we’ve created a livestream series that isn’t a pitch or demo, but a highlight of a star player– whether it be a non-profit partner or SOC leader, who has a tale to tell.
ThreatQuotient

5 Tips to Improve Threat Report Analysis and Action

Most organizations have more threat intelligence than they know what to do with, from a variety of sources – commercial, open source, government, industry sharing groups and security vendors. Bombarded by millions of threat data points every day, it can seem impossible to appreciate or realize the full value of third-party data.

alienvault

Cybersecurity and government

Photo by Katie Moum on Unsplash In May, after many months of dedicated effort, our compliance team received word that a U.S. Federal Risk and Authorization Management Program (FedRAMP) moderate certification was granted for the AT&T Threat Detection and Response for Government solution. FedRAMP is a program coordinated by the US General Services Administration and the Department of Homeland Defense that inspects cloud-based solutions for compliance with 325 distinct security controls.

lookout

Lookout Unearths Android Crypto Mining Scams

Cryptocurrencies, once the exclusive domain of an idealistic fringe movement, have recently become attractive to mainstream retail investors. During the COVID-19 pandemic, the valuation of cryptocurrencies rose exponentially, reaching a market capitalization of over $2 trillion. Cybercriminals are always looking for the path of least resistance to make money and cryptocurrencies are now in their crosshairs.

ekran

7 Best Practices for Building a Baseline of User Behavior in Organizations

Securing an organization’s sensitive data is hard, especially when the danger comes from within. A careless coworker may insecurely share credentials, an intruder may compromise an account, or a malicious insider may misuse their access rights. According to the 2020 Cost of Insider Threats Report [PDF] by IBM, 60% of organizations experienced more than 20 insider-related incidents in 2019. One promising solution to prevent insider threats is user and entity behavior analytics (UEBA).

tripwire

What is Asset Discovery? A Look Beneath the Surface

The corporate network can be a busy place with devices connecting, reconnecting and disconnecting every day. With the ever-growing landscape of today’s corporate networks, the difficulty of knowing and understanding what is on an enterprise network has highlighted the importance of effective asset discovery. So what does asset discovery involve? Asset discovery involves keeping a check on the active and inactive assets on a network.

netskope

Netskope Threat Coverage: REvil

The REvil ransomware (a.k.a Sodinokibi) is a threat group that operates in the RaaS (Ransomware-as-a-Service) model, where the infrastructure and the malware are supplied to affiliates, who use the malware to infect target organizations. On July 2, the REvil threat group launched a supply chain ransomware attack using an exploit in Kaseya’s VSA remote management software. REvil claims to have infected more than one million individual devices around the world.

CloudCasa

Another Major Feature Release for CloudCasa

CloudCasa is a simple, scalable, and inexpensive cloud backup service for protecting your Kubernetes and cloud native applications. We worry about protecting your Kubernetes environment so that you don’t have to! Since the introduction of CloudCasa in November of last year, we’ve been making improvements and adding new features at a steady rate. The CloudCasa team has been very busy this spring, and we’re now pleased to announce yet another major release of new service features!

CloudCasa Demo - How to Backup Kubernetes Persistent Volumes to CloudCasa

Learn how to backup Kubernetes Persistent Volumes to protect your data from ransomware attacks and for disaster recovery. Not only can CloudCasa create and manage Persistent Volume (PV) snapshots for you, but now you can backup those snapshots to our secure cloud storage as well. Just choose the “Snapshot and copy to CloudCasa” option when you create a Kubernetes backup job and you can also add this option to existing jobs by editing them.
egnyte

Streamline Review and Approval Workflows in Egnyte for Life Sciences

Life science companies must implement quality processes into procedures in order to meet regulatory requirements and endpoint validation. But the implementation of quality processes is not an easy task. Managing the process of gathering feedback and gaining approval can be slow and comlex. In today's video, we will show how to handle Standard Operating Procedures or SOPs on the Egnyte platform and how to enable Part 11-compliant workflows for the review and approval process.

Snyk

Hardening AWS EKS security with RBAC, secure IMDS, and audit logging

Misconfigurations in infrastructure as code (IaC) can be just as dangerous as vulnerabilities in code. Small mistakes in configuration can lead to the sensitive data being readable on the internet, or private endpoints and dashboard accessible to the anonymous users and abused as the initial point of compromise. Recent security research findings indicate the rise in malware targeting the Kubernetes platform which showcases the need for secure configuration.

CloudCasa

Azure Cloud Storage, PV Backups, and Ransomware Protection with New CloudCasa Release

CloudCasa is a simple, scalable, and inexpensive cloud backup service for protecting your Kubernetes and cloud native applications. We worry about protecting your Kubernetes environment so that you don’t have to! Since the introduction of CloudCasa in November of last year, we’ve been making improvements and adding new features at a steady rate. The CloudCasa team has been very busy this spring, and we’re now pleased to announce yet another major release of new service features!

upguard

What is Ransomware as a Service (RaaS)? The dangerous threat to world security

Ransomware attacks are on a steep upward trend and the gradient isn't softening its progression. In Q3 2020, ransomware attacks have increased globally by 40% to 199.7 million cases. In the U.S. alone, attacks have increased by 139% year-over-year, totaling 145.2 million cases in Q3 2020. The impetus to the sudden recent spike in ransomware attacks, was the dramatic shift from a linear attack model, to an insidious multi-dimensional Ransomware as a Service model.

alienvault

How to protect your site against lethal unauthorized code injections

Lethal unauthorized code injections like XXS (cross site scripting) attacks are some of the most dynamic cyber-attacks. They are often very difficult to detect and can result in credit card theft, fraud, and endpoint data breaches, having a huge impact on small to medium sized businesses. In a recent AT&T cybersecurity survey, 88% of respondents reported that they had experienced at least one security incident within the past year.

alienvault

Lazarus campaign TTPs and evolution

AT&T Alien Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows the lures used in this campaign to be in line with others used to target these groups.

SecurityScorecard

How to Ensure Password Hygiene at Your Organization

In a SecureAuth survey, 62% of respondents claimed to use the same password across three to seven different accounts. It begs the question: If passwords play an integral role in cybersecurity performance, why are people so remiss when it comes to practicing good password hygiene? Practicing good password hygiene is a security measure that organizations must take to protect against cyber threats.

logz.io

Updated Cyber Security Fundamentals for Financial Services Organizations

The recent slate of breaches and regulatory actions has prompted many companies who had been doing the minimum in terms of proactive cyber risk management to rethink their approach. In the U.S., new regulations are emerging (for states like Virginia, Colorado, Massachusetts and many others), and existing regulators are increasing their enforcement, as we’ve seen by the NY Dept of Financial Services (NYDFS) and the SEC.

tripwire

Protecting Your Online Privacy: Three Levels of Security

Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. Ever seen an ad that is a little too specific? Most major tech companies rely on some form of data harvesting for revenue. As consumers, should we do anything? Can we do anything?

tripwire

Bringing Governance, Risk, and Compliance to Life

I was recently asked to host a round table discussion on ‘Governance, Risk and Compliance‘ (GRC), and I have to admit I was more than a little excited. Why? Because the other people around the table were leading lights in the world of Cybersecurity, Risk and Resilience, and I was looking forward to exploring how a GRC framework can work across industries and learning some valuable lessons from those around our virtual table.

tripwire

The Rundown on Google's Cloud Security Foundations Guide

Google recently released the new Cloud Security Foundations Guide. We’re going to take apart Google’s guide and show you what’s worth looking into. First, an introduction. “This comprehensive guide helps you build security into your Google Cloud deployments.” – Google What’s going on: Google Cloud Services are out there, being deployed in the wild, untamed. This guide is Google’s self-proclaimed “opinionated” view on keeping them safe.

Snyk

Tips and best practices for building secure container images

When you start scanning your container images, it can be disconcerting to discover that you have large numbers of vulnerabilities. Below is a scan I did last week on a vulnerable node image that I built. While a fairly extreme example, you can see that this image out of the box is showing as having over 800 vulnerabilities in it.

AppSec Decoded: The state of mobile application security during the pandemic | Synopsys

In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), to learn about the state of mobile application security during the pandemic. The information is based on a new Synopsys report, "Peril in a Pandemic: The State of Mobile Application Security."

Use the Jenkins Credentials Binding Plugin to Protect Your Veracode Credentials

In this video, you will learn how to: You can use the Jenkins Credentials Binding Plugin to hide your Veracode API credentials from the Jenkins interface and logs. You use the plugin to associate, or bind, your Veracode API credentials to environment variables and save them to the Jenkins credentials store. During a build, Jenkins uses the environment variables to secretly access your credentials. The Jenkins interface and logs only show the bound environment variables.

Learning application security by finding and fixing insecure code in OWASP NodeGoat

Wouldn't it be great if we, developers, learn about application security by training on purposely-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too. In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor of open source npm proxy project Verdaccio, to chat about her appsec experiences as developer, and learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.
zeronorth

Are Any of These Top Open Source Vulnerability Testing Tools in Your Program?

Sorting out the differences and similarities among the various open source (OS) security tools is no easy task. In fact, many security practitioners today agree, it can be staggeringly complex. Although automated OS security scanning tools make it easier to find and patch existing vulnerabilities in web applications, thereby reducing the burden on security and development teams, they do require a good deal of management and oversight.

inetco

How to Prevent Man-In-The-Middle Attacks and Fight Financial Fraud

You just started reading this blog post. But are you reading it alone? Or is there a “man in the middle” watching and recording everything you do online? While it may sound like a plot from a Hollywood blockbuster, the reality is far from amusing. A man-in-the-middle (MitM) attack can quickly occur when an unsuspecting victim joins the same public Wi-Fi network as a malicious attacker, for example, at a cafe.

appknox

Internal vs External Vulnerability Scans: Understanding the Difference

When it comes to establishing a robust mobile application security posture, vulnerability scanning is certainly the go-to option. But given the complex cybersecurity challenges of modern times, it might be complicated and challenging to implement vulnerability scanning properly. According to the 2020 Edgescan Vulnerability Statistics Report, around 35% of the vulnerabilities discovered in external-facing apps were of critical or high risk.

reciprocity

What Is RegTech and Why Does It Matter?

Financial institutions lost $16.9 billion to account takeover and identity fraud in 2019 alone, and the shift to online financial services during the pandemic only exacerbated the problem. At the same time, the 60 percent jump in compliance costs and risk management spending since the 2008 financial crisis has left retail and corporate banks with little discretionary funding.

tripwire

The Aviation Industry Needs to Move Towards Cyber Resilience

2021 is a significant year for aviation. It marks the 20th anniversary of the 9/11 attacks, the worst acts of unlawful interference in the history of aviation. It is also the Year of Security Culture for the ICAO community, which aims to enhance security awareness and foster a security culture throughout the industry.

upguard

Biggest Data Breaches in Australia (Includes 2021 Attacks)

Data breaches in Australia are on the rise, particularly in the financial and healthcare industries. In an effort to DISRUPT this pernicious trend, the Australian government is revising its cybersecurity frameworks and policies to strengthen resilience against nation-state threat actors. But Australian businesses cannot solely rely on the government's cybersecurity initiatives. Even the Australian Signals Directorate (ASD) admits that proposed security frameworks only raise the baseline of security.

cyphere

Differences between hashing and encryption and salting explained with examples

Hashing is a one-way function that outputs a fixed-length string, where it’s impossible to decipher back into the original input. Encryption is a reversible process used to scramble data so that it can’t be read. So, if you’re looking for a way to keep your passwords safe and secure, look no further than hashing! But there is a slight catch here that relates to the term salting.

armo

Networking with a Service Mesh: Use Cases, Best Practices, and Comparison of Top Mesh Options

Service mesh technology emerged with the popularization of microservice architectures. Because service mesh facilitates the separation of networking from the business logic, it enables you to focus on your application’s core competency. Microservice applications are distributed over multiple servers, data centers, or continents, making them highly network dependent.

tripwire

Top 5 Scam Techniques: What You Need to Know

Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away. These scam techniques often exploit our characteristics and heuristics, or things that make us human and fallible.

ioncube24

Weekly Cyber Security News 02/07/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. While the sensitive security documents were reported as lost, the published reason as to why saying it is not know sounds rather suspicious. I fully expect this will be brushed under a bush somewhere – much like the documents.

detectify

The Buyer's Guide to Scalable Application Security

Detectify is helping tech organizations bring safer web products to market by providing crowdsourced, cloud-based, continuous web app security. Here’s a buyer’s guide on how you can get scaleable application security in 2021 and beyond. There are so many appsec tools out there with the same features. It’s hard to see value clearly amongst all the noise.

netwrix

What Is Privileged Access Management (PAM)?

Users with privileged access to an organization’s systems and networks pose a special threat. External threat actors often target privileged accounts using phishing schemes and social engineering techniques, since gaining control over these credentials helps them move more freely inside the network. Moreover, people sometimes misuse their own privileged accounts; this type of cyberattack takes the longest to discover, according to the Verizon Data Breach Investigation Report.

netacea

Price monitoring services are increasing scraping risks for retail

A scraper bot or web scraper is a bot trying to precure, aggregate and parse data, publicly available or otherwise, from an internet-enabled source. Not all web scrapers are bad bots. In fact, some are vital to business success. Good bot activity includes content scraping for display on aggregation sites or content scraping by affiliates to market your products and services. Malicious web scrapers on the other hand can have the opposite effect.

CYSIAM partners with CrowdStrike to secure clients' operations

Cyber security firm CYSIAM has announced it is partnering with CrowdStrike, a leader in cloud-delivered endpoint and workload protection, to utilise the CrowdStrike Falcon Overwatch in its new Cyber Defence Operations service.
redscan

How much does penetration testing cost?

Commissioning a penetration test is an important step in helping to enhance your organisation’s cyber security resilience. Pen testing costs vary from a few thousand pounds to several thousand more, so it’s essential to ensure that the pen testing you select enables you to achieve the best security outcomes from your budget.

tripwire

How Dockershim's Forthcoming Deprecation Affects Your Kubernetes

Container orchestration platform Kubernetes announced in December 2020 that its third and final release, Kubernetes v1.20, would deprecate dockershim and subsequently Docker as a container runtime. This deprecation has brought multiple changes that admins must be aware of and accordingly respond to.

calligo

Calligo wins at the DevOps Excellence Awards 2021

Calligo wins ‘Best DevOps Transformation’ up against a heavyweight shortlist including IBM, Infosys, Sky, Accenture and Telefonica. Computing’s annual DevOps Excellence Awards aim to recognise and celebrate the best DevOps deployments, teams, outcomes and impacts in business over the last 12 months. Calligo was shortlisted in the Best DevOps Transformation category, alongside such industry heavyweights as IBM, Infosys, Sky, Accenture and Telefonica.

alienvault

REvil's new Linux version

The ransomware-as-a-service (RaaS) operation behind REvil have become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. AT&T Alien Labs™ is closely monitoring the ransomware landscape and has already identified four of these samples in the wild during the last month, after receiving a tip from MalwareHuntingTeam.

SecurityScorecard

Speed Up Security and VRM Workflows with Zapier and SecurityScorecard

Security ratings are one out of the myriad of tools that security, IT, and vendor risk management teams rely on. In fact, we know that companies deploy an average of 47 different cybersecurity solutions and technologies; yet only 39% of security leaders believe that they are getting full value from their security investments. That’s why we built our Zapier app, enabling you to connect SecurityScorecard to over 3,000 apps and automate key workflows based on SecurityScorecard data.

Leading indicators for the leading indicators: SecurityScorecard & HackerOne

During this workshop, Mike Wilkes (CISO, SecurityScorecard) and Alex Rice (CTO and Co-Founder, HackerOne) discussed more advantages of combining VDPs, bug bounty programs, and continuous external cyber monitoring, including the impact it can have on reducing risk, preventing breaches, and vetting third parties. Watch the recorded workshop to learn.
Snyk

Talking visibility, scalability, and relationships in secure development with Phil Guimond of ViacomCBS

I recently caught up with Phil Guimond, Principal Cloud Security Architect at ViacomCBS. He describes his role as a fancy way of saying he likes to be involved in All The Things™. This includes cloud security and architecture, application security, penetration testing, and digital forensics and incident response, and even vendor reviews and risk management from time to time. He works in a very cross-functional team. We had a great discussion, and I wanted to share it with all of you.

netskope

Optimizing Cloud Security Efficacy & Performance Through a Single-Pass Architecture

Cybersecurity has a bad rap for getting in the way of business. Many CIOs & CISOs dedicate a lot of time to minimizing security solutions’ performance drag on their network traffic while ensuring that the solutions continue to do their job keeping the network secure. The move to the cloud exacerbates this challenge.

egnyte

Life Science Top 10 Market Trends for 2021

For over a year the future has lacked clarity. As parts of the world start to open up and the life sciences industry ramps back up to pre-pandemic activity, the fog of uncertainty is starting to lift. We are seeing an acceleration of digital transformation across the Life Sciences industry with the adoption of decentralized trials, real world evidence, and remote monitoring.