Another year, another privacy law on the horizon. In 2018, the big push for compliance with the European Union General Data Protection Regulation (GDPR). In 2019, companies are reeling from the new law governing data protection passed by ballot initiative. The California Consumer Privacy Act (CCPA) intends to place on companies who collect California residents’ personal information. But the question remains, in the morass of regulatory writing, “What is the CCPA?

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a single, simple rule: lock the door.

A business wants to hire a vendor. However, this vendor does not meet policy standards and has requested an exception. The question you face is whether or not to approve or deny that exception request. What’s good for business sometimes comes with added risk. In fact, many incidents are the direct result of a policy violation. For risk management, and business needs, maybe the answer isn’t a simple yay or nay but a more nuanced approach.

Today we are very excited to announce our latest release — Sysdig Secure 2.3! In this version of Sysdig Secure, we have invested heavily in hardening the compliance posture of Kubernetes, Docker configurations, and container images. We have released a set of features that provide compliance focused image scanning, guided remediation, compliance dashboards, and more.

MITRE ATT&CK™ (Adversarial Tactics, Techniques and Common Knowledge) is a framework for understanding attackers’ behaviors and actions. We are pleased to announce that AlienVault USM Anywhere and Open Threat Exchange (OTX) now include MITRE ATT&CK™ information. By mapping alarms to their corresponding ATT&CK techniques, we are assisting in prioritizing analysis work by understanding the context and scope of an attack.

Threat hunting is a regularly-occurring activity in any high-performance SOC. But for less savvy organizations, it’s a must-have activity that can mean the difference between a malicious hack or a normal, uneventful day. With the stakes so high, it’s time to look at the history of threat hunting, what it looks like today, and the future of threat hunting – particularly as adversaries become more advanced every day.

From time-to-time we are asked “does our Encoder product protect JavaScript and HTML?” While our ionCube PHP Encoder product with its unique features such as Dynamic and External Keys do a wonderful job protecting the PHP code on your server, the same server protected code at the client side will still present all of the HTML, CSS and JavaScript when viewing the source in the browser.

Over the last century, our technology devices have gone from being clunky systems that require tons of human interaction, to modern machines that seem to have a mind of their own. Our phones can do things like autocomplete sentences before we finish typing, suggest purchases based on sites we’ve visited in the past, and even predict our schedules on any given day based on our prior habits. This is all possible due to the growth of artificial intelligence and machine learning.

“We’re under attack” may be the three least favorite words of every cybersecurity professional out there. Luckily, for USA Today, this doesn’t happen often, however, last year one of our 115 media markets was targeted by a distributed denial of service (DDoS) attack.

UpGuard CyberRisk enables organizations to control and monitor third-party vendor risk in real-time and improve their security posture. Since we launched CyberRisk, our team has been speaking to users and evolved the platform into two new modules, BreachSight and VendorRisk. Combined with a redesigned user experience, UpGuard is easier to use than ever.