Companies of all sizes are learning that when it comes to keeping their digital assets safe; being able to monitor what’s going on within their environments makes all the difference. Unfortunately, those same companies have struggled with basic fundamentals such as maintaining accurate asset inventories and deploying the right technology on those assets to gain visibility into their security posture – two components critical to the effectiveness of traditional visibility programs.

Sir Tim Berners-Lee invented the World Wide Web in 1989, and then it became available to the general public by 1991. The web is an internet service that was designed to help scientists and academics exchange information more effectively. But by the late 1990s, the web helped to make the internet popular and accessible to ordinary people all over the world. Over thirty years after Berners-Lee’s first proposal for the web-- that technology has revolutionized everyone’s lives.

Pulse Secure and Fortinet have announced advisories detailing a critical vulnerability found that enables an unauthenticated user to conduct file disclosure in SSL VPN. Thanks to Detectify Crowdsource hackers, Detectify checks your website for these vulnerabilities and will alert you if your version of Pulse Secure or Fortinet gateway is affected.

A cyber attack (or cyberattack) is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to a computer system, infrastructure, network, or any other smart device. In some cases, cyber attacks can be part of a nation-states cyber warfare or cyber terrorism efforts, while other cybercrimes can be employed by individuals, activist groups, societies or organizations. Strong organizational wide cyber security controls are now more important than ever.

Headlines continue to suggest that organizations’ cloud environments make for tantalizing targets for digital attackers. Illustrating this point, the 2019 SANS State of Cloud Security survey found “a significant increase in unauthorized access by outsiders into cloud environments or to cloud assets” between 2017 (12 percent) and 2018 (19 percent). These findings beg the question: how prepared are organizations to defend themselves against cloud-based threats?

It’s no secret that there are a lot of websites on the internet hosting malicious content whether they be phishing pages, scams or malware itself. Every day we hear of new attacks, there’s a common denominator of either a user having clicked on a link to a fraudulent website or a site having played host to code that pulled a malicious payload down from a third-party server.

Cyberbullying and cybersecurity incidents and breaches are two common problems in the modern, internet-driven world. The fact that they are both related to the internet is not the only connection they have, however. The two are actually intimately connected issues on multiple levels.

The cyber kill chain illustrates the structure of a successful cyber attack. It is effectively the hacker’s process from beginning to end, from scoping a target (reconnaissance) all the way to achieving their objective, whether that’s data theft or dropping and executing malware. When approaching your cyber security strategy, you should align your defences to the cyber kill chain. Like Batman becoming fear, to defeat the hacker, you must become a hacker.

Vendor risk management (VRM) deals with the management and monitoring of risks resulting from third-party vendors and suppliers of information technology (IT) products and services. VRM programs are concerned with ensuring third-party products, IT vendors and service providers do not result in business disruption or financial and reputational damage.

What if your job was to break things repeatedly in order to make them work better? Sounds like the dream of every curious six-year old, but it’s actually an emerging software engineering trend based in the transition from devops to devsecops. It’s designed to test systematic limitations with the goal of improving security and performance under any circumstances. The term is chaos engineering.