August 2020


Aviation cybersecurity: Hurdles of staying secure on the ground and at 36,000 feet

Digitization has made its way into every industry. With this shift come many benefits, but also the risk of a cyber attack. This is especially true in aviation. No matter how securely companies build their networks to ward off cyber attacks, the risk is never absent. With planes operating thousands of feet off the ground, often full of commercial passengers, a digital attack can potentially cost lives as well as millions in damages.


SCM in Practice: How to Strengthen Your Organization's Security Processes

Security configuration management (SCM) involves maintaining a secure baseline configuration for an organization’s systems and monitoring those assets for deviations from that baseline. This fundamental control pairs well with other elements of an organization’s security strategy. As such, SCM enables security teams to harden their organization’s cloud workloads, industrial environments and other IT assets against digital threats.


What are the Types of Reports on a SIEM Solution?

A Security Information and Event Management (SIEM) solution collects log data from numerous sources within your technical infrastructure. This acquisition and normalization of data at a single point facilitates centralized log management. It allows businesses to generate reports containing security information about their entire IT infrastructure. Reporting, one of the many benefits of a SIEM solution, also helps businesses fulfill their documentation and compliance requirements.


What Is the EU Cybersecurity Act and What Does It Mean for US-Based Businesses?

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Services (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act.


Top Benefits of Using an Employee Time Tracking App

Did you know that you can use your employee time tracking app for more than digitizing worker timecards? Computer monitoring software with timekeeping capabilities is the ideal tool for maximizing company-wide productivity and profitability. Keep reading to learn about the benefits of using an employee time tracking app.


How Cyber Kill Chain Can Be Useful for a SOC Team? (Part 1)

The world is being digitalized more and more. Technological advances in both hardware and software are drawing the attention of cyber criminals to enterprises of every size (small, medium, and large). Attackers work through a chain of stages to launch a cyber-attack. A Cyber Kill Chain defines these stages, and a SOC team can use it to identify, detect, prevent, and contain an attack before it causes real damage to the organization.


Use of Machine learning for pricing strategy in e-commerce and retail Industry

Pricing can be a thorny task. Pricing challenges and intense competition in e-commerce markets have grown drastically in the internet age because of price transparency. There is always a cheaper alternative or a costlier alternative to almost everything you see on an e-commerce website. Anyone with enough time to spare will explore all the options before spending money on something.

INETCO Insight for Payment Analytics and Business Intelligence Data Streaming - 3 minutes

Is your ability to harness massive volumes of payment transaction intelligence over multiple card rails, customer facing channels, and disparate data stores a challenge? INETCO Insight accelerates digital transformation with a real-time, 360-degree view of all card usage, channel performance and customer behavior to help identify new ways to acquire customers, deliver more value to existing ones, and enhance profitability through faster reporting, better device placement and targeted service offerings.

Eliminate Mundane Tasks, Improve Productivity with Egnyte and Microsoft Power Automate

If you’re like most people, you spend far too much time repeating manual tasks. Tasks like saving email attachments, tagging files and writing simple emails are probably not the best use of your talent and energy. Multiply all that work by the number of people in your organization, and you get a clear, if alarming, picture of how much time is wasted on non-essential tasks.

Featured Post

Data Protection Vs. Cyber Security: Why You Need Both

In recent years, both large and small organizations have been affected by data breaches. Business owners, C-suite executives, and CIOs face the reality that they can be the target of a security breach at any time. These incidents can jeopardize your organization's credibility as well as cause financial and productivity losses.


ISO 27001 Firewall Security Audit Checklist

Because of additional regulations and standards pertaining to information security, including Payment Card Industry Data Security Standard (PCI-DSS), the General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA) and ISO 27001, organizations are putting more emphasis on compliance as well as the auditing of their cybersecurity policies and cybersecurity controls.


Part Two: The Current State of Bot Attacks

We recently carried out a survey of 200 UK enterprises across e-Commerce, financial services, entertainment and travel. Amongst our objectives, we wanted to discover the state of bot attacks in the surveyed industries. We now know that many businesses use some sort of bot mitigation, and the few that don’t are in the process of doing so. In part 2 of our blog series, we find out which bot attacks represent the greatest risk to businesses.


How to Improve MySQL Security: Top 11 Ways

In the pantheon of open source heavyweights, few technologies are as ubiquitous as the MySQL RDBMS. Integral to popular software packages like WordPress and server stacks like LAMP, MySQL serves as the foundational data platform for a vast majority of websites and cloud services on the internet today. Unfortunately, its popularity translates into more widely known attack vectors and security exploits; the following are 11 ways to shore up MySQL security and protect your data more effectively.


IIS Security: How to Harden a Windows IIS Web Server in 10 Steps

Microsoft Internet Information Services (IIS) is widely used in the enterprise, despite a less-than-stellar reputation for security. In fact, for many, "IIS security" is a contradiction in terms, though in all fairness Microsoft's web server has improved significantly over the years. IIS 8.5 on Windows Server 2012 R2 and IIS 10 on Windows Server 2016 have been hardened and no longer ship with the dangerous default configurations of older IIS iterations, but they can still be tightened further.


Planning Your Vendor Security Assessment Questionnaire [2020 Edition]

Business partnerships require trust, but knowing whether your vendors merit that trust is difficult. With the rise of information technology, the ways in which trust can be broken, intentionally or unintentionally, have multiplied and become more complex. Vendor security assessment questionnaires are one method to verify that service providers follow appropriate information security practices so your business can weigh the risk of entrusting them with your data.


The History of Vendor Risk Scoring

Vendor risk scoring is a practice that has emerged to address the complexity of vendor management by assigning vendors a single score, typically a number or letter grade, to facilitate comparison between vendors and portfolios. The past decades of digital transformation have provided both the need for innovative IT security hygiene assessment techniques and the technological capabilities to gather and analyze the data necessary to give those risk scores predictive power.

ForgeTalks | Your Guide to the ForgeRock Identity Platform - with Mary Writz

Welcome back to another episode of ForgeTalks. The ForgeRock Identity Platform is a workhorse - covering every identity possible and offering a comprehensive set of capabilities. There are few people more knowledgeable about its depth and breadth than Mary Writz, VP of Product Management. In today's episode, Mary compares a tour of our platform to a traveler visiting Paris for the first time. For newcomers, the Eiffel Tower and the Louvre can't be missed.

College Improves Security Posture with Cygilant Cybersecurity-as-a-Service

With back to school upon us for universities, colleges and K-12, and unprecedented IT challenges, today we feature one college Cygilant has helped overcome its cybersecurity challenges with Cygilant Cybersecurity-as-a-Service. Colleges and universities are in a unique situation – they handle some of the most critical data on their networks every day: financial data, healthcare information and research.


How secure is the PDF file?

Is the Portable Document Format (PDF) secure, or is it something to be suspicious of when you receive one? Jens Müller gave a convincing talk at Black Hat USA 2020, Portable Document Flaws 101, arguing that it is something to think twice about before opening. This article will provide highlights from the insightful talk about the possible PDF-based attacks and the varying security of PDF readers (pure viewers only, not editors).


Application Security Testing: Security Scanning Vs. Runtime Protection

The application layer continues to be the most attacked and hardest to defend in the enterprise software stack. With the proliferation of tools aimed at preventing an attack, it's no wonder the application security testing market is valued at US$4.48 billion. Forrester's market taxonomy breaks the application security testing tools market into two main categories: security scanning tools and runtime protection tools.


Five OPA and Styra Trends that Prove Kubernetes Adoption

I'm often asked by people outside the cloud-native space how the market is progressing and whether Kubernetes is taking off or not. My answer is always the same: Kubernetes is absolutely the de facto approach to managing containerized applications, and, because of that, the market is expanding exponentially. We're almost two-thirds of the way through 2020, and in the cloud-native space it has so far been the year of Kubernetes.


A Typo Shouldn't Impact Your Company's Future

With all the email, documents, Slack messages, and other artifacts that come through my purview each day, I think the language gods will forgive me for a few typos. But I would hate to think that a keystroke error could result in an irrecoverable breach of my company’s most private data. Seems a bit dramatic, no? According to a recent Forbes article, Dropbox users face this very issue when sharing sensitive data.


IoT security explained

The Internet of Things (IoT) is a term used to describe a system of interconnected computing devices that use the internet to send and receive data without requiring human-to-computer or human-to-human interaction. The world of IoT encompasses a wide variety of technologies, vendors, and connectivity methods. While cameras, smart kitchen appliances and smart locks often come to mind, IoT devices are prevalent in all industries.


Amazon scammers are becoming oddly specific

A friend contacted me the other day about a scam call purporting to come from Amazon’s customer support department. She wasn’t home at the time, so the scammer left a message stating that a charge of $749 appeared on her account. Of course, she didn’t actually order anything for that price, and, although she suspected it was a scam, something about it caught her attention, so she called the phone number displayed on her caller I.D.


ExpertOps Federal: Managed Services in a FedRAMP Certified Cloud Has Arrived

According to its own website, FedRAMP serves three different types of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that save your agency money.


How to Pass an IT Compliance Audit

IT compliance requirements are designed to help companies enhance their cybersecurity and integrate top-level protection into their workflows. But passing an IT security audit can be challenging. Complex requirements, constant changes in standards, laws and audit processes, and the high number of required security procedures are the key challenges of maintaining compliance. The way out is careful preparation and smart planning.


5 Reasons to Work with Cygilant

We all know that it’s hard to navigate the cybersecurity space. From tooling to services, recruiting to resource limitations, it poses many obstacles before you can even begin to combat cyber threats. With that said, if you have identified that you need help, cybersecurity-as-a-service is a great option. It allows you to overcome recruiting challenges, resource constraints and provides help on the tools you need to manage, detect and respond to cyber threats.


One Veracoder's Tips for Setting Up a Successful Security Champions Program

My name is Seb and I’m an application security (AppSec) engineer, part of the Application Security Consultant (ASC) team here at Veracode. My role is to help remediate flaws at scale and at pace, and to help you get the most out of the Veracode toolset. With a background as an engineering lead, I’ve run AppSec initiatives for government and global retailers. I’ve found that successful AppSec is all about people.


Malicious advertising SDK causes major privacy concern for 300M iOS users

Chinese ad network, Mintegral, has made headlines this week for allegedly spying on user activity and committing ad fraud. The Mintegral SDK for iOS is said to contain malicious code designed to monitor user activity in order to facilitate ad fraud, and apparently this has been going on for over a year. Like other third-party advertising SDKs, the Mintegral SDK is a tool that helps developers monetize their apps via advertising.


Cyber Security for Chemical Industry

Physical or cyber, security is one of the most essential concerns for the chemical industry. In this article, we will take a closer look at the cybersecurity requirements. Keep reading to learn more! With advances in technology and the Internet of Things, most processes related to the production, shipment and storage of chemicals rely heavily on automation and networked control systems.


Top 10 security best practices for PHP

While developing a PHP web application, a web developer should also be concerned with security best practices. An insecure web application gives hackers the chance to steal valuable information, such as user data or credit card information. In addition, a data breach may have a drastic impact on the credibility and future operations of your organization. To strengthen your defense mechanisms, this article lists 10 important security best practices for PHP applications. Let’s get started!


Informatica + StackRox - Taking "Shared Responsibility" to a New Level to Enable DevSecOps

I’ve had the good fortune to get to know Pathik Patel, head of cloud security at Informatica, over the past 18 months since he became a StackRox customer, and today we’re sharing the news of our joint success story. Across our numerous conversations, he has repeatedly impressed me with his forward thinking on how to innovate security processes, approaches, and tooling to keep Informatica at the forefront of securely enabling sophisticated data management, detailed in this case study.


Massive Trove of Exposed Files Demonstrates Importance of Data Governance

An unsecured AWS S3 bucket with 5.5 million business files was recently discovered by security researchers at vpnMentor. All of these files were publicly available without any password protection or other security protocols attached to them. This kind of thing happens regularly with cloud service providers, and it often occurs when IT teams neglect to set security and compliance rules within their cloud environments.


Security risk assessments explained

This blog was written by a third party author. A security risk assessment is a formal method for evaluating an organization's cybersecurity risk posture. Comprehensive security risk assessments take stock of business objectives, existing security controls, and the risk environment in which the business operates. When done well, the assessment identifies security gaps in existing controls as compared with industry best practices.


IoT Devices in Different Industries and How to Secure Them

Today, data analytics, automation, connectivity, and remote monitoring have made great progress and have brought innovations in every sphere of modern civilization. The digitization in day-to-day human activities has been revolutionized by the Internet of Things (IoT). Based on Gartner’s Forecast database, we can expect that there will be approximately 14 billion devices connected to the internet by 2022. With more devices connected, it will change the way we do business and use resources.


Supply Chain Risk Management - What You Need to Know to Build a Successful SCRM Program

There is a story from years ago about a warehouse network of computers that was separated from the main network. Those machines were running older OSes. But since they weren’t connected to the company network, didn’t hold company data, and only ran the warehouse machines, they were deemed secure. One day, the sysadmin noticed that all of those computers had a glitch at the same time. He remotely rebooted and went back to his desk. But they all glitched again. What happened?


How to Implement Effective Compliance Testing

Compliance testing, also known as conformance testing, is a periodic, independent, and objective assessment of compliance-related processes and/or controls. The goal of compliance testing is to determine whether the elements, processes, and controls of your compliance program are designed appropriately and operating as designed. Compliance testing follows an established process and plan as well as a risk-based approach.


Staying safe in Slack: Blossom Bariatrics counts on Nightfall for HIPAA compliance

The bariatric surgery market is growing year over year in the United States, from 158,000 surgeries in 2011 to 252,000 surgeries in 2018. Over the last decade, weight loss surgery demand has increased, leading to a boom in the number of clinics offering these procedures. Blossom Bariatrics has become one of the premier bariatric surgery clinics in the Las Vegas area. They provide surgical treatment options for weight loss, plus hernia, gallbladder, and anti-reflux surgeries.


GCP OAuth Token Hijacking in Google Cloud-Part 2

Imagine you've protected your production Google Cloud environment from compromised credentials using MFA and a hardware security key. Yet your GCP environment is breached through the hijacking of OAuth session tokens cached by the gcloud CLI. The tokens were exfiltrated and used to invoke API calls from another host; the attacker refreshed them without needing MFA. Detecting the breach via Stackdriver was confusing, slowing incident response.
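A detection check for the scenario described above, as an added example that is not part of the original post: it scans Cloud Audit Log entries (the JSON export shape, reading protoPayload.authenticationInfo.principalEmail and protoPayload.requestMetadata.callerIp / callerSuppliedUserAgent) and flags a principal that is active from two different caller IPs inside a short window. A replayed token looks exactly like that: the legitimate workstation and the attacker's host both call the API as the same user, with no fresh login and no MFA prompt in between. The log lines are constructed for the example; the 30-minute window and the heuristic itself are this example's assumptions, not anything the post specifies.

```python
"""Flag one Google Cloud principal active from two caller IPs in a short window.

Added example, not code from the original post. Field names follow the Cloud
Audit Log JSON export (protoPayload.authenticationInfo.principalEmail,
protoPayload.requestMetadata.callerIp, callerSuppliedUserAgent); the entries
below are constructed for this example and the window is an assumption.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample export (JSON Lines). IPs are documentation ranges.
SAMPLE_LOG_LINES = [
    '{"timestamp":"2020-08-20T14:00:05Z","protoPayload":{"methodName":"storage.buckets.list",'
    '"authenticationInfo":{"principalEmail":"alice@example.com"},'
    '"requestMetadata":{"callerIp":"203.0.113.10","callerSuppliedUserAgent":"google-cloud-sdk gcloud/305.0.0"}}}',
    '{"timestamp":"2020-08-20T14:02:41Z","protoPayload":{"methodName":"compute.instances.list",'
    '"authenticationInfo":{"principalEmail":"alice@example.com"},'
    '"requestMetadata":{"callerIp":"203.0.113.10","callerSuppliedUserAgent":"google-cloud-sdk gcloud/305.0.0"}}}',
    # Same user, nine minutes later, from a different host and a different client library.
    '{"timestamp":"2020-08-20T14:09:12Z","protoPayload":{"methodName":"iam.serviceAccountKeys.create",'
    '"authenticationInfo":{"principalEmail":"alice@example.com"},'
    '"requestMetadata":{"callerIp":"198.51.100.77","callerSuppliedUserAgent":"google-api-python-client/1.10.0"}}}',
    '{"timestamp":"2020-08-20T14:15:00Z","protoPayload":{"methodName":"storage.objects.list",'
    '"authenticationInfo":{"principalEmail":"bob@example.com"},'
    '"requestMetadata":{"callerIp":"203.0.113.22","callerSuppliedUserAgent":"google-cloud-sdk gcloud/305.0.0"}}}',
]


def parse_entry(line):
    """Pull the fields the heuristic needs out of one audit-log JSON line."""
    entry = json.loads(line)
    payload = entry["protoPayload"]
    meta = payload.get("requestMetadata", {})
    ts = datetime.strptime(entry["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "ts": ts,
        "principal": payload["authenticationInfo"]["principalEmail"],
        "ip": meta.get("callerIp", "?"),
        "ua": meta.get("callerSuppliedUserAgent", "?"),
        "method": payload.get("methodName", "?"),
    }


def find_token_reuse(lines, window=timedelta(minutes=30)):
    """Return one finding per API call made from a caller IP that differs from
    an earlier call by the same principal inside `window`.

    This deliberately ignores whether the second IP is 'known': a cached token
    replayed from a second corporate host is still worth a look, and a new
    login from a new laptop would show a fresh login event, which this does not.
    """
    by_principal = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        by_principal[entry["principal"]].append(entry)

    findings = []
    for principal, entries in by_principal.items():
        entries.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(entries):
            for prev in entries[:i]:
                if prev["ip"] != cur["ip"] and cur["ts"] - prev["ts"] <= window:
                    findings.append({
                        "principal": principal,
                        "known_ip": prev["ip"],
                        "new_ip": cur["ip"],
                        "prior_ua": prev["ua"],
                        "new_ua": cur["ua"],
                        "method": cur["method"],
                        "ts": cur["ts"].isoformat(),
                        "gap_seconds": int((cur["ts"] - prev["ts"]).total_seconds()),
                    })
                    break  # one finding per suspicious call is enough
    return findings


if __name__ == "__main__":
    for f in find_token_reuse(SAMPLE_LOG_LINES):
        print(f"{f['ts']} {f['principal']} {f['known_ip']} -> {f['new_ip']} "
              f"({f['prior_ua']} -> {f['new_ua']}) called {f['method']}")
```

On the constructed lines this yields a single finding: alice@example.com active from 203.0.113.10 via gcloud and, nine minutes later, from 198.51.100.77 via a generic client library, creating a service account key. The user-agent change is worth keeping in the finding: an attacker who lifted the refresh token out of the gcloud credential store rarely bothers to impersonate the gcloud user agent.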

ForgeTalks | Digital Transformation vs The Aliens

Welcome back to another episode of ForgeTalks. I was joined this week by ForgeRock Chief Evangelist Allan Foster, to talk about digital transformation, COVID-19 and the pivot to remote work and play. For those of you who know Allan, you know he can talk - so get comfy, you're in for a comprehensive discussion on the new digital experiences that have landed here on planet Earth.

Sort, Filter, and Remap API Data in Python

Are you taking data from an API in the format the web service gives it to you? You should not dictate the structure of data inside your application based on how an API provider structures their data. Instead, you can take advantage of the power of Python's list manipulation techniques to sort, filter, and reorganize data in ways that best suit your needs.
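A worked example of that reshaping, added here and not taken from the original article: a constructed, made-up vulnerability-scanner JSON response (no real provider) is flattened into the record shape the application wants, filtered to open findings above a CVSS threshold, and sorted by risk. The provider's field names, the nested host object, the unscored record and the 7.0 threshold are all this example's assumptions.

```python
"""Sort, filter and remap an API payload into the application's own shape.

Added example, not the article's code. API_RESPONSE is a constructed payload
from an imaginary vulnerability-scanner API; field names are assumptions.
"""

API_RESPONSE = {
    "data": [
        {"id": "f-1001", "host": {"name": "web-01", "ip": "10.0.1.5"},
         "cvss": 9.8, "status": "open", "title": "RCE in image library"},
        {"id": "f-1002", "host": {"name": "db-02", "ip": "10.0.2.9"},
         "cvss": 4.3, "status": "open", "title": "Verbose error page"},
        {"id": "f-1003", "host": {"name": "web-01", "ip": "10.0.1.5"},
         "cvss": 7.5, "status": "fixed", "title": "Outdated TLS cipher suite"},
        {"id": "f-1004", "host": {"name": "bastion", "ip": "10.0.0.2"},
         "cvss": 7.2, "status": "open", "title": "Weak SSH key exchange"},
        # Providers drop fields without warning; this record has no score at all.
        {"id": "f-1005", "host": {"name": "db-02", "ip": "10.0.2.9"},
         "status": "open", "title": "Missing patch (unscored)"},
    ]
}


def remap_finding(raw):
    """Flatten one provider record into the flat shape our code depends on.

    Only this function knows the provider's layout; if the API changes, this is
    the single place to update.
    """
    return {
        "finding_id": raw["id"],
        "asset": raw["host"]["name"],
        "ip": raw["host"].get("ip"),
        "score": float(raw.get("cvss", 0.0)),   # unscored -> 0.0 instead of KeyError
        "open": raw.get("status") == "open",
        "title": raw["title"],
    }


def open_findings_above(findings, min_score):
    """Keep only open findings at or above the threshold (a list comprehension)."""
    return [f for f in findings if f["open"] and f["score"] >= min_score]


def sort_by_risk(findings):
    """Highest score first; ties broken by asset name so output is stable."""
    return sorted(findings, key=lambda f: (-f["score"], f["asset"]))


def group_by_asset(findings):
    """Regroup a flat list into {asset: [finding_id, ...]} preserving order."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["asset"], []).append(f["finding_id"])
    return grouped


def shape(response, min_score=7.0):
    """Full pipeline: remap -> filter -> sort, independent of provider layout."""
    findings = [remap_finding(r) for r in response.get("data", [])]
    return sort_by_risk(open_findings_above(findings, min_score))


if __name__ == "__main__":
    for f in shape(API_RESPONSE):
        print(f"{f['score']:>4}  {f['asset']:<8}  {f['finding_id']}  {f['title']}")
    print(group_by_asset(shape(API_RESPONSE)))
```

The point of keeping `remap_finding` separate from the filter and sort steps is that the rest of the application never touches the provider's nested layout, so a renamed or missing upstream field (the unscored record above) is handled in one place rather than scattered across every consumer.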


Undetected e.05: Cecilia Wik - A Lawyer's Take on Hacking

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.


Reducing the Impact of False Positives on Your Resource Workload and Fraud Investigation Speeds

Payment fraud is exploding. So are false positives, customer friction and investigation costs. Unfortunately, as customers continue to pull us down the river of rapid digital transformation, traditional fraud detection systems are being left in the sand.


2020: the year cybersecurity went from a technology problem to a business issue

In March when businesses enforced a work-from-home policy because of the pandemic, many probably thought the move would last a few weeks or so. Well, here we are, in the heat of the summer or depth of winter, depending on your hemisphere, and some businesses are still working remotely, while others have made the return to the office.


3 Areas of Your IT Infrastructure that SCM Can Help to Secure

Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world. This characteristic might serve organizations’ evolving business needs as they pursue their respective digital transformations. But it complicates their security efforts.

CIS Controls: Use Cases and Cost Justification

Across the cybersecurity community, there’s wide agreement that the Center for Internet Security’s 20 CIS Controls act as a gold standard framework for system hardening and attack surface reduction. What’s not so widely agreed-upon is the best way to implement the controls, as organizations have a surplus of cybersecurity solutions to choose from to get the job done.

Your Ultimate Guide to Managing Productivity in a Remote Workplace

The age of the digital nomad is here, and people realize that working 9 to 5 within the confines of an enterprise office isn’t the only way to make a living. Today’s technology allows people to work anytime and anywhere. Even within an office environment, work is often largely carried out online.

Create and Manage API Users in the Veracode Platform

In this video, you will learn how to configure an API service account in the Veracode Platform. To be able to access the Veracode APIs, you must either have a user account or API service account with the required user roles for performing specific API tasks. Before you can configure these two account types, you must log into the Veracode Platform using an account with the Administrator role or Team Admin role. A user account with the required role permissions can access the Results XML API, Upload XML API, and the Mitigation and Comments XML API.

What Are the Ways to Respond to an Unintentional HIPAA Violation?

Accidents or mistakes are bound to happen. Even if healthcare providers and business associates are compliant with the HIPAA standards, there is always a possibility of unintentional or accidental disclosure of Protected Health Information (PHI). Accidental disclosure of PHI includes sending an email to the wrong recipient or an employee accidentally viewing a patient's report, either of which leads to an unintentional HIPAA violation.


How IT-OT Security Has Changed in the Wake of COVID-19

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience.


Selecting the Best SOAR Solution Series: Case (Management) in Point (Part 3)

Welcome to part 3 of our series examining how to select the best security, orchestration, automation and response (SOAR) solution for your business. In part 1, we defined what SOAR platforms set out to do at their core. In part 2, we listed the key core competencies that you can expect to find in a SOAR solution. In part 3, we are going to dive deeper into one of those core competencies: case management.


Cloud Storage Security: Common Issues, Best Practices and Software Solutions

Cloud storage has become mainstream. It is one of the fastest-growing segments of IT spending and an indispensable tool for many modern businesses. However, not enough is being done to secure data residing in the cloud. According to Gartner, 90% of organizations that fail to control public cloud use will share information inadvertently or inappropriately through 2025. Almost all cloud security failures will be due to the cloud customer, not the service provider.


Getting cyber security buy-in from the board

As any seasoned cyber security professional will tell you, good security only works when it’s embedded as culture within an organisation – and that must come from the top. But sometimes, the top doesn’t want to know. Even with recent events highlighting the vital importance of cyber security and the average cost of a breach reaching an eye-watering £3 million, many organisations still struggle to get security on the boardroom agenda.


How to reduce your attack surface

In a fast-paced tech environment, the potential attack surface increases with each release. Tech companies can no longer safeguard themselves with a firewall and network monitoring alone. Web applications are the new perimeter that security teams are tasked with protecting, as they can introduce new entry points into the company infrastructure. We look at how you can reduce your attack surface.


How to Move Your Innovations Along on the Application Security Range

In our third installment of a six-part series on how CISOs can find success in the "Wild West" of application security, we'll take a look at what equipment is needed to bring innovation to market without falling prey to an outlaw. Stick with us as we travel through this modern territory of security while offering up unique insight on how CISOs today can find a secure home on the range.


TL;DR: NIST Guidance on Zero Trust Architecture (ZTA)

On 11 August, the National Institute of Standards and Technology (NIST) released a 50-page guidance document on Zero Trust Architecture (ZTA), NIST SP 800-207, written specifically with the enterprise in mind. It is not intended to be a single deployment plan for ZTA, as every enterprise will have unique use cases and assets that need protection. We've pored over the guidance to provide a TL;DR; you can read the full publication here.


Data enrichment for hyper-personalization

Back when everyone wanted a long, thick head of hair to flaunt their beauty, it was easy for businesses to market a hair oil by highlighting its benefits and ingredients. As times changed and competition increased, the market became consumer-centric, and the way to differentiate a product was to get consumers to recognize their own distinct hair problems.


Security policies for your remote workforce

Current events are driving dramatic changes to many industries around the planet. One of the most notable shifts is how the office-based framework for employees has transformed into a remote workforce environment. Remote working has now become the norm for many enterprises and organizations worldwide. While remote working is not new, it has gained momentum because of the current pandemic. Many people are now turning their homes into extended offices.


Work from home cybersecurity explained: should your business have a WFH policy?

Global organizations are sharpening their strategies that enable their employees to work from virtually any location at any time. But working in different types of remote settings brings with it the potential for significant cybersecurity threats that must be anticipated, defended against, and quickly remediated. Working outside the traditional office setting has accelerated during the past decade.


Drovorub "Taking systems to the wood chipper" - What you need to know

On August 15th the NSA and FBI published a joint security alert containing details about previously undisclosed Russian malware. The agencies say that the Linux malware, named Drovorub, has been developed and deployed in real-world attacks by Russian military hackers.


The Impact of Lockdown Remote Working-A Conversation with the Law Firm Herbert Smith Freehills

Recently I participated in a webinar with Toks Oladuti (Netskope customer, and senior IT security manager at the international law firm Herbert Smith Freehills), and my colleague Neil Thacker (Netskope’s CISO EMEA). The conversation was hosted by Janet Day, a long-time technology consultant to the legal industry. During the webinar, we touched on a lot of topics and I was particularly interested to hear Toks’ stories of HSF’s journey to the cloud.


Our Favorite Web Vulnerability Scanners

Web vulnerability scanners crawl through the pages of web applications to detect security vulnerabilities, malware, and logical flaws. They do this by generating malicious inputs and evaluating an application’s responses. Often referred to as dynamic application security testing (DAST), web vulnerability scanners are a type of black-box testing; they perform functional testing only and don't scan an application’s source code.


How I Found Myself in a Command Line vs. GUI Meeting

“Ev, do you have time later today to discuss the new web GUI for the command line terminal?” said the Slack message. It came from Alex, our user experience chief and the product in question is the SSH client. Part of me was worried. The command line environment had a sanctuary where I found peace and happiness away from the world of browser-based tools.


gRPC Anywhere

Many applications rely on gRPC to connect services, but a number of modern load balancers still do not support HTTP/2, and, in turn, gRPC. In an earlier blog post, we showed a way to take advantage of the gRPC-Web protocol to circumvent this issue. That solution works well for non-client-streaming gRPC calls — with this new approach, we can support client/bidirectional-streams.


How to check the effectiveness of phishing

You can install the latest generation of security software to protect against malicious hackers, but what use is it if your employees continue to follow phishing links? Several security companies conduct social and technical research into real-life phishing attacks aimed at different businesses, and are struck by the scale of the problem.


User and Entity Behavior Analytics (UEBA) explained

User and Entity Behavior Analytics (UEBA) is an area of cybersecurity that focuses on analyzing activity, specifically user behavior, device usage, and security events, within your network environment to help companies detect potential insider threats and compromised accounts. While the concept has been around for some time, it was first defined in detail by Gartner in 2015 in its Market Guide for User and Entity Behavior Analytics.


Zero Trust Network Access (ZTNA) explained

This blog was written by a third party author. In today's ever-changing cybersecurity landscape, Zero Trust is here to stay. Before the concept of Zero Trust was well known, organizations followed the belief that anything within the network is trusted and anything outside of it is untrusted. Zero Trust is built on the idea that all traffic, whether incoming or outgoing, should be inspected and authorized regardless of its source.


Snail Mail With a Privacy Twist

A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split with the letter’s recipient if the recipient will accept the responsibility of being appointed as the heir to the deceased’s money, etcetera, etcetera. As you can see, it bears all the earmarks of the traditional scam message.

Netwrix Auditor for Exchange - Overview

Netwrix Auditor for Exchange simplifies IT auditing across your Exchange Online and on-premises Exchange environment and provides actionable audit data, all in one place. See who has access to what, monitor non-owner mailbox access events, and track Exchange configuration and permission changes, so you can prevent data breaches, prove IT compliance and ensure ongoing availability of email services.

Netwrix Auditor for SharePoint - Overview

Netwrix Auditor for SharePoint empowers you to reduce the exposure of sensitive data and detect suspicious user behavior and policy violations before they result in data leaks or business disruptions. Plus, its ready-to-use intelligence enables you to automate many of the compliance and security-related tasks that until now required hours to complete so you can meet the demands of your organization without constantly being overburdened.

Tracking COVID-19's Effect on Remote Working by Industry and Geography

The COVID-19 pandemic caused an abrupt and dramatic shift to remote work that has lasted five months so far and is expected to continue into 2021, as companies like Google have extended their work from home policies through July 2021. In this blog, we examine how geography and industry affect who works remotely during the COVID-19 pandemic.


5 Steps Towards Improved Cybersecurity with Continuous Security Monitoring

The challenges to cybersecurity grow every day. One way to stay on top is to make security monitoring part of your arsenal. Here are 5 ways security monitoring can help. The best way to effectively communicate threats is to have a common language. Create what is called an “apples-to-apples” framework for threat assessment. The easiest way to open your network to threats is to talk at cross-purposes. To avoid that, create a table of risk priorities and ranks.


Cybersecurity in Hospitality Industry

With the invention and widespread use of new technologies, many processes related to the hospitality industry are reliant on the use of internet and electronic devices. Keep reading to learn how you can keep your business safe while keeping up with the technology. As of today, we can book a hotel room, specify our needs regarding the stay (e.g. extra towels, room service, airport shuttle etc.) and even pay for it using only our smartphones.


Accomplish More with Less with the Basic CIS Controls

Data breaches are a common occurrence in the world we live in today. Whether it’s personal data that relates to an organization’s customers or data referencing the inner workings of an organization’s infrastructure, when it falls into the wrong hands, the consequences are disastrous. It’s for that reason that organizations need to ensure that they have all of the necessary controls in place so that their data is safe and secure.

Webinar | Best Practices for SSH + Auditing w/ Panther | Gravitational | Gus Luxton | Jack Naglieri

In this webinar, Ev hosts a conversation with Gus Luxton, Gravitational DevOps Engineer, and Jack Naglieri, CEO of Panther Labs, about SSH, why certificate authorities are a must-have, how to audit that activity, and what to do with those audit logs once you have them. Both Gus and Jack demo the open source platforms they are working on, Teleport and Panther.

What's New in Kubernetes 1.19? New Features and Updates

The last several months have been a busy time for the Kubernetes community, and especially the Kubernetes release team, amid the challenges caused by the ongoing pandemic. The Kubernetes project itself has felt the impact, with the upcoming release of version 1.19 having been postponed and the project’s release schedule adjusted to accommodate the ongoing disruption to people’s lives.


How Your SOC Team Can Triumph With Tabletop Exercises

Tabletop exercises are a proven, hands-on way to learn how your team will handle unforeseen cyber emergencies while also helping to clarify roles and responsibilities. Although many existing online resources provide the basic elements of simulating a cyber incident, not as available is an understanding of what is required to experience true success. This white paper shares five master tactics for winning at tabletop exercises, courtesy of Siemplify security operations experts who have personally performed these crisis preparation activities, uncovering secrets you may not have considered.

Security concerns and solutions regarding blockchain use in healthcare

The healthcare industry is transforming with the integration of ground-breaking technologies capable of storing patient records electronically. The shift to the digitization of systems makes a variety of healthcare solutions possible that never could have been imagined — but it also puts healthcare data at risk to hackers and cyber attacks. In answer to this problem, blockchain technologies are emerging as a viable option for the storage and updating of electronic health records (EHRs).


Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud

“Send it to the cloud” has been the increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it. Another infrastructure owned by a third party who has teams dedicated to implementing security by design, continuous testing and validation – this all sounds attractive.


ISO Audit Tips

During an internal International Organization for Standardization (ISO) audit, your company assesses its quality management system (QMS) to determine if it complies with ISO 9001. Companies use the ISO 9001 standard to demonstrate that they can consistently provide products and services that meet customer needs and regulatory requirements. Organizations also use ISO 9001 to demonstrate that they are continually improving their products, services, and processes.

Siemplify for Service Providers: Product Overview

This video is for service providers that want to learn how to use the Siemplify Security Operations Platform to deliver successful services and satisfy their customers. With more focus on service providers than any other SOAR vendor, Siemplify provides everything you need to deliver high-value security services at scale while keeping your customers delighted and your margins healthy.

What is an MSSP (Managed Security Service Provider)?

Some organisations fully outsource their cyber security requirements to MSSPs, while others only outsource specific aspects. MSSPs differ from MSPs (Managed Service Providers) in that they specialise in cyber security. By contrast, MSPs are more focused on the remote management of IT infrastructure. Many MSPs do offer security services but, owing to the highly specialised nature of cyber security, some choose to partner with MSSPs.


5 Cyber Threats That Won't Disappear After The Pandemic

In 2020, security trends have mutated in a matter of months. Since February, the FBI has reported a 300% jump in reported cybercrimes related to the COVID-19 pandemic. The Federal Trade Commission (FTC) alone has registered 18,257 COVID-19 security complaints, amounting to nearly $13.44 million in losses.


Use Javascript's Array Methods to Handle API Data

Manipulating data is a core skill for any developer. In an API-driven environment, so much of the data you receive is formatted in a way that doesn't directly match the way that your application or UI needs it. Each web service and third-party API is different. This is where the ability to sort, normalize, filter, and manipulate the shape of data comes in. In this article, we'll explore some common ways to work with data in Javascript.
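As an added example (not code from the original article), here is the sort of normalization the paragraph describes, applied to two differently shaped responses from hypothetical HR and SSO APIs. Both responses are constructed sample data; the goal of the combination, listing SSO accounts with no active HR record, is a typical identity-hygiene check and shows map, flatMap, filter, sort and reduce doing real work.

```javascript
// Added example (not from the original article): normalizing two differently
// shaped API responses into one array, then filtering, sorting and grouping it.
// The responses below are constructed sample data, not real API output.

// Shape 1 (hypothetical HR system): nested, snake_case field names.
const hrResponse = {
  data: {
    employees: [
      { employee_id: 101, email_address: "Alice@Example.com", status: "active", dept: "eng" },
      { employee_id: 102, email_address: "bob@example.com", status: "terminated", dept: "ops" },
      { employee_id: 103, email_address: "carol@example.com", status: "active", dept: "eng" },
    ],
  },
};

// Shape 2 (hypothetical SSO provider): flat records, camelCase, one array per page.
const ssoPages = [
  [
    { id: "u-1", email: "alice@example.com", lastLogin: "2020-08-20T10:00:00Z" },
    { id: "u-2", email: "bob@example.com", lastLogin: "2020-08-19T09:00:00Z" },
  ],
  [
    { id: "u-4", email: "dave@example.com", lastLogin: "2020-08-01T09:00:00Z" },
    { id: "u-2", email: "bob@example.com", lastLogin: "2020-08-19T09:00:00Z" }, // repeated across pages
  ],
];

// Normalize the HR shape: one object per employee, lower-cased email as the join key.
function normalizeHr(resp) {
  return resp.data.employees.map((e) => ({
    source: "hr",
    id: String(e.employee_id),
    email: e.email_address.trim().toLowerCase(),
    active: e.status === "active",
    dept: e.dept,
  }));
}

// Normalize the SSO shape: flatten pages, then drop records repeated across pages.
function normalizeSso(pages) {
  const flat = pages.flatMap((page) =>
    page.map((u) => ({
      source: "sso",
      id: u.id,
      email: u.email.trim().toLowerCase(),
      lastLogin: u.lastLogin,
    }))
  );
  const seen = new Set();
  return flat.filter((u) => {
    if (seen.has(u.id)) return false;
    seen.add(u.id);
    return true;
  });
}

// SSO accounts with no active HR record: candidates for deprovisioning,
// oldest login first so the stalest accounts surface at the top.
function orphanedSsoAccounts(hrUsers, ssoUsers) {
  const activeEmails = new Set(hrUsers.filter((u) => u.active).map((u) => u.email));
  return ssoUsers
    .filter((u) => !activeEmails.has(u.email))
    .sort((a, b) => a.lastLogin.localeCompare(b.lastLogin))
    .map((u) => u.email);
}

// Count active HR users per department with reduce.
function activeByDept(hrUsers) {
  return hrUsers
    .filter((u) => u.active)
    .reduce((acc, u) => {
      acc[u.dept] = (acc[u.dept] || 0) + 1;
      return acc;
    }, {});
}

const hrUsers = normalizeHr(hrResponse);
const ssoUsers = normalizeSso(ssoPages);
console.log(orphanedSsoAccounts(hrUsers, ssoUsers)); // ["dave@example.com", "bob@example.com"]
console.log(activeByDept(hrUsers)); // { eng: 2 }
```

Note that the join key is normalized (trimmed, lower-cased) in both sources before comparison; forgetting that step is the most common reason a cross-API reconciliation produces phantom mismatches.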


7 Questions to Ask When Prioritizing a Vulnerability

Vulnerability management is a tough but essential part of business risk management. It is an ongoing process to assess and manage risk. Imagine you just got the results of a vulnerability scan from a scanner. The data is overwhelming, hundreds or thousands of potential vulnerabilities detected. You cannot reasonably remediate every single vulnerability detected, and many may be false positives, but how do you determine which vulnerabilities to fix and which to accept the risk?
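To make the "fix, schedule, accept or verify" decision concrete, here is an added example (not from the original article) of an explicit triage score over constructed scan findings. The weights, thresholds and findings are assumptions chosen for illustration; the point is that the decision is driven by the questions the article raises (is it confirmed, is an exploit public, is the asset reachable and how much does it matter) rather than by the raw CVSS number alone.

```javascript
// Added example (not from the original article): an explicit triage score for
// vulnerability scan results. Weights, thresholds and findings are assumptions.

// Constructed scan output. No real CVE identifiers are used.
const findings = [
  { id: "F-1", title: "Remote code execution in web framework", cvss: 9.8, exploitPublic: true,  confirmed: true,
    asset: { name: "shop-web-01", internetFacing: true,  criticality: "high" } },
  { id: "F-2", title: "Outdated TLS cipher suites",             cvss: 5.3, exploitPublic: false, confirmed: true,
    asset: { name: "shop-web-01", internetFacing: true,  criticality: "high" } },
  { id: "F-3", title: "Local privilege escalation in kernel",   cvss: 7.8, exploitPublic: true,  confirmed: true,
    asset: { name: "build-agent-3", internetFacing: false, criticality: "medium" } },
  { id: "F-4", title: "Version-banner match only (unverified)", cvss: 7.5, exploitPublic: false, confirmed: false,
    asset: { name: "intranet-wiki", internetFacing: false, criticality: "low" } },
  { id: "F-5", title: "Information disclosure in test page",    cvss: 3.1, exploitPublic: false, confirmed: true,
    asset: { name: "intranet-wiki", internetFacing: false, criticality: "low" } },
];

// Assumed weights: how much a compromise of this asset matters to the business.
const CRITICALITY_WEIGHT = { high: 1.0, medium: 0.7, low: 0.4 };

// Risk score in [0, 10]: CVSS scaled by what an attacker can reach and gain.
function riskScore(f) {
  let score = f.cvss * CRITICALITY_WEIGHT[f.asset.criticality];
  if (f.exploitPublic) score *= 1.25;        // working exploit code raises likelihood
  if (!f.asset.internetFacing) score *= 0.6; // attacker needs a foothold first
  return Math.min(10, Math.round(score * 100) / 100);
}

// Map evidence and score to a decision. Unconfirmed findings are sent back for
// verification first: remediating a scanner false positive wastes the budget
// that a confirmed finding needed.
function decision(f) {
  if (!f.confirmed) return "verify";
  const s = riskScore(f);
  if (s >= 7) return "fix-now";
  if (s >= 4) return "schedule";
  return "accept";
}

// Produce the worklist, highest risk first.
function triage(list) {
  return list
    .map((f) => ({ id: f.id, asset: f.asset.name, score: riskScore(f), decision: decision(f) }))
    .sort((a, b) => b.score - a.score);
}

console.table(triage(findings));
```

Two things worth noticing in the output: the kernel privilege escalation (F-3) drops from a 7.8 CVSS to a scheduled item because the build agent is not reachable from the internet, and F-4 is routed to "verify" even though its CVSS is higher than F-2's, because a banner match is not evidence that the vulnerable code path exists.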


69% Say Their AppSec Is Effective but Don't Have Tools to Measure It

Veracode recently sponsored Enterprise Strategy Group’s (ESG) survey of 378 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams.

xona systems

3 Priorities For Securely Transitioning to Remote Plant Operations

Few industries are undergoing a digital transformation as quickly or as thoroughly as the energy sector. Complex market forces and unique challenges have converged to create an environment where new digital solutions are required to produce greater efficiencies, better safety standards, and a more compelling work environment. A critical part of this change is a transition to a remote environment, which has only accelerated in response to the Coronavirus pandemic.


Cloud security

There’s no doubt that the adoption of public cloud deployments has accelerated for most organizations recently. In fact, according to metrics released by Oracle recently, nearly half (49%) of all respondents to the Oracle and KPMG Cloud Threat Report expect to store most of their data in a public cloud by the end of 2020. Effectively managing the security and compliance of public cloud deployments can be tricky for many organizations.


From Customer to Employee - A Tripwire Journey

Tripwire is very much a household name within the cybersecurity community. It has been around since the early days, creating the intrusion detection software that would later be known as File Integrity Monitoring (FIM), all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial Cybersecurity and much more!


Security Execs' Advice on Overcoming the Challenges of Remote Work

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger remote workforces.


Part One: How Well Do UK Businesses Understand Bots?

Data breaches are becoming increasingly common, with cyber criminals able to gain quick and easy access to usernames and passwords. Despite efforts to inform consumers about cybersecurity best practices, many still use the same weak passwords across multiple accounts. Netacea, along with independent researchers Coleman Parkes, recently carried out a survey of 200 UK businesses to discover how well the bot threat is understood across travel, entertainment, e-commerce and financial services.


The Secret to Reducing False Positives: You will only be as good (and fast) as your data

As efforts increase to protect customers from card-present and card-not-present fraud, there is an increasing risk lurking for banks and retailers: false positives. According to KPMG’s 2019 global fraud survey, 51% of respondents reported a significant number of false positives resulting from current technology solutions and decreasing efficiencies in fraud detection.


SCM: Understanding Its Place in Your Organization's Digital Security Strategy

Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident. Such dwell time gave attackers all they needed to move throughout an infected network and exfiltrate sensitive data.


The Forrester Wave: Global Managed Security Services Providers, Q3 2020

AT&T Cybersecurity is ranked among the top managed security service providers in The Forrester Wave™: Global Managed Security Services Providers, Q3 2020. Among the findings, Forrester recommends that customers look for MSSPs that can offer remediation support across hybrid environments and help create efficiencies within their environment. The report notes native cloud support, automation, and remediation as key differentiators of AT&T Cybersecurity managed security services.


Most Popular HIPAA-Compliant Cloud Storage Services

Cloud computing provides undeniable benefits for storing and accessing electronic health records. Files stored in the cloud are accessible anytime and anywhere from any device, which makes it easy to share critical medical information between healthcare workers. But is cloud storage secure enough to store, access and transfer sensitive personal and medical information?


Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323

Scope creep doesn’t always end in a 0-day with a CVE assigned, but that was the fortune of Detectify Crowdsource hacker Özgür Alp. He is an ethical hacker with 7+ years of experience, well certified within offensive security and highly ranked on hacker leaderboards. Here is his success story of how he, with the help of the Detectify Crowdsource team, turned an open redirect into a publicly disclosed vulnerability known as CVE-2020-1323.


10 Elements of the Most Effective Application Security Programs

Veracode’s Chris Wysopal and Chris Eng recently joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security.


How to Maintain Service Oriented Architecture Security

Service Oriented Architecture has been one of the buzzwords in the cyber security community for a while. In this article, we will discuss what it is and how you can implement SOA security. What is Service Oriented Architecture Security? Service Oriented Architecture (also known as SOA) refers to a unique style of software design. In Service Oriented Architecture, the services are provided by application components using a communication protocol over the network.


AlienApps and plug-ins combined into one framework

The heart of any detection and response solution is the ability to collect events from the environment, perform corrective response actions, and integrate with customer workflows. Today, we’re proud to announce the launch of a complete redesign of the user interface for these third party integrations.


Integrating the Risk Management Framework (RMF) with DevOps

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.


How Remote Work is Reshuffling Your Security Priorities and Investments

Roughly five months into the pandemic, stark stories of unsustainability have emerged, from personal debt caused by months-long unemployment to restaurant capacity restrictions to the number of coronavirus cases themselves. Eventually something has to give. But at least one area of life that was knocked off its atlas when the virus came bearing down in March appears to have no other option but to forge on: remote working.


Audit Checklist for SOC 2

If your company is a service organization and your customers trust you with their data, you may need to pass a SOC 2 (System and Organization Controls 2) audit. Compliance and certification are the goals of a SOC 2 audit. Because the integrity, confidentiality, and privacy of your customers’ data are on the line, they’ll want you to prove that you have the internal controls in place to protect that data. The SOC 2 compliance audit gives them that assurance.


Why Security Monitoring and Vulnerability Management

Selecting your cybersecurity tools and services can be overwhelming. There are so many vendors, so many tools, and so many threats. If one of your biggest problems is resourcing to help you meet all your cybersecurity requirements, then a cybersecurity-as-a-service provider can help. Security monitoring and vulnerability management are two services that when working together can help you prevent cybersecurity threats.


8 Important Factors to Look for in a SOC as a Service Provider

When sourcing SOC as a service, it's important to know what you should expect from the provider. Discover 8 important factors to look for when choosing a SOC as a service provider. Experts believe that the cybersecurity problems companies are facing will increase in frequency and complexity – and that the demand for new cybersecurity professionals will outpace supply, making it even harder than before to bring talented people into your organization.


Now Is The Perfect Time For CISOs to Tame the Security Frontier

This is the second installment of a six-part series offering guidance to CISOs who tell us finding success in the world of application security is a lot like trying to survive in the “Wild West.” After listening to their individual concerns and challenges, we’ve decided to share our unique insights on how these digital frontiers can be tamed and what it takes to become an effective security pioneer in this modern age.


Breaking Down Risky Open Source Libraries by Language

You work hard to produce quality applications on tight deadlines, and like every other development team out there, that often means relying on open source code to keep projects on track. Having access to plug-and-go code is invaluable when you’re racing the clock, but the accessibility of open source libraries comes with a caveat: increased risk.


License Compatibility: Combining Open Source Licenses

Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.


Security risks of digital transformation in the Public Sector

Every company is undergoing its own digital transformation project, but there is a clear gap between the public and private sectors; analyst research suggests that governments have a low to moderate maturity when it comes to digital. Gartner highlights that due to inflexible business models that aren’t easy to disrupt, government agencies struggle with digital transformation.


What Will You Choose - Big Brand or the Most Intelligent FIM & Change Control Solution on the Market?

There are two things that you might consider when selecting a File Integrity Monitoring (FIM) and Change Control solution – 1) Depth of useable features such as efficiency in suppressing change noise and 2) Brand recognition. Some organizations might choose smart features such as powerful, closed-loop intelligent change control over the brand while some might focus on the brand name at the risk of not paying as much attention to the software’s really useful features and capabilities.


Protecting Against Kubernetes Threats: Chapter 7 - Discovery

Part seven of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines the tactic known as Discovery. The techniques in this category are intended to help an attacker effectively explore a Kubernetes environment in order to achieve lateral movement and gain access to a wider scope of resources within or beyond the cluster.


Being onsite for an assessment is better, but a lot of it is possible remotely

The way we shop for groceries has changed because of the unusual circumstances the world is in today. Instead of spending as much time physically in the store selecting our own items, we now have the option to order online and arrange for a time to pick them up, or better yet, have them delivered. Of course, there may be a few items you’d prefer to go in and see in person, like fresh produce.


What is endpoint protection? Endpoint security explained

5G is here and changing the way business is done. With this comes an increase of devices to take advantage of low latency and high bandwidth that will allow businesses to truly transform. Because of those devices, the attack surface is also rapidly expanding and will increase opportunities for bad actors. This new wave of endpoints presents both a business opportunity and a business risk. The need for proper endpoint protection is more important today than ever before!


Survey: 76% of IT Pros Say It's Difficult to Maintain Security Configs in the Cloud

Cloud misconfigurations are no laughing matter. In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported.


Google App Engine, Azure App Service Abused in Phishing Campaign

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims’ Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain.


Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

outpost 24

Fix now: High risk vulnerabilities at large, August 2020

Since April 2020 we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. Going into August we are highlighting a CVE affecting a popular password vault – KeePass, along with a few interesting ones. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.


A Big Catch: Cloud Phishing from Google App Engine and Azure App Service

Threat actors are leveraging top tier cloud apps to host phishing baits. Netskope Threat Labs has identified an ongoing O365 phishing campaign hosted in Google App Engine with the credential harvester mostly hosted in Azure App Service. This phishing campaign typically targets O365 users via phishing emails with a direct link or attachment.


3 Roadblocks to Achieving Vulnerability Management for Resource Constrained Companies

Managing vulnerabilities is a time-consuming task, particularly for resource constrained companies that don’t have the time, staff or sometimes expertise to investigate. With vulnerabilities caused by complexity, familiarity, connectivity, poor password management, OS flaws, software bugs, unchecked user input and people, it’s hard to keep up. Yet every one of them can be exploited, so vulnerabilities need to be quickly detected and remediated before that happens.


SCADA Cybersecurity Framework

SCADA stands for Supervisory Control and Data Acquisition. It is a control system architecture that comprises computer systems, networked data communications, and a Graphical User Interface (GUI) for high-level process supervisory management. In addition, SCADA also incorporates other peripheral devices such as discrete Proportional Integral Derivative (PID) controllers and Programmable Logic Controllers (PLCs) to interface with process machinery or plant.


What CCPA means for your security practices

While you may have heard of CCPA, the California Consumer Privacy Act of 2018, it can be hard to know what it means for your organization. In particular, what does it mean for your organization’s security practices? Like GDPR (General Data Protection Regulation) before it, which despite being an EU regulation changed practices around the world, CCPA affects more than California. It’s something that all organizations around the world will need to pay attention to and comply with.


SSH vs. kubectl exec

Let’s have a look at two popular ways of opening remote shells: the good ol’ ssh and its modern counterpart, kubectl exec. Below, I will only look at the “kubectl exec” subcommand and its friends. kubectl itself is a swiss-army knife for all things Kubernetes. Comparing all of it to ssh is like comparing systemd to BSD init. Also, I will use “SSH” to mean “OpenSSH”, which is the de-facto standard for SSH protocol implementation.


Bot Detection - Tips to secure your payment ecosystem from account takeover attacks

With an estimated 37.9% of all internet traffic attributed to bots, and bad bots accounting for more than 50% of that, retailers and financial organizations are struggling to defend against a constant barrage of account takeovers, credential stuffing, card cracking attacks and fake account creation.


Continuing our Fed Momentum with DHS

Right on the heels of last week’s news that we’re providing Kubernetes security for DoD’s Platform One software factory, we’re excited to share today that we’ve been awarded a Phase III contract with the Department of Homeland Security. In this stage of our partnership, we’re deploying our Kubernetes Security Platform to protect running systems at a large U.S. bank.


How Egnyte and Microsoft Tackle Content Governance for Teams

I sometimes wish someone with gravitas had said, “There is no content without security.” That would have looked good coming from Churchill or Lincoln. But their lack of foresight about content services doesn’t diminish a very important fact, one that carries its own brand of import: the importance of security and governance for a company’s critical data.


New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected devices.


The Importance of ISO Certification in Manufacturing

For organizations that manufacture any type of product, overall quality and customer satisfaction are extremely critical. This is particularly important for companies that manufacture complex products, such as vehicles or medical devices. Note that vehicle manufacturers, particularly in the United States but also in other countries, have established their own quality standards for third party suppliers.


Redscan shortlisted as a Cyber Security Awards 2020 finalist

We have been shortlisted in the Cyber Security Awards 2020. The Cyber Security Awards were established in 2014 to reward the best individuals, teams and companies within the cyber security industry. Excellence and innovation are core themes throughout all categories. The winners this year will be announced in a virtual ceremony held on September 10th at 5 pm BST. Organiser Christina Price said: “Despite the challenges of 2020, we have received a record number of entries.


4 Steps to Ensuring Efficient Cybersecurity Monitoring in US Educational Institutions

Education is a strictly regulated industry in which robust cybersecurity protection is a must. Data breaches can cost a fortune for schools and universities, since the loss of students’ personal information and other critical data brings reputational damage alongside fines for regulatory non-compliance. In the US in 2019 there were 348 publicly disclosed K-12 school-related cybersecurity incidents — triple the number in 2018.


Identify API Incidents with Built-in Anomaly Rules

One of Bearer's super powers is anomaly detection. Anomalies are unexpected issues that happen when making an API call. These could be high error rates, unexpected response codes, latency spikes, and more. By monitoring APIs with anomaly detection, we can identify problems with an API or within your application. Anomaly detection makes debugging easier and can help you identify API performance issues that affect your end users.
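As an added example, and not Bearer's own code or built-in rules, the following is a minimal rule engine that evaluates the three kinds of anomaly the paragraph lists (error rate, unexpected response code, latency spike) over a constructed log of API calls. The thresholds, the `expectedStatus` table and the call records are assumptions made for the illustration.

```javascript
// Added example (not Bearer's code): three anomaly rules of the kind the post
// describes, evaluated per API over a constructed call log. Thresholds and the
// expected-status table are assumptions.

// Constructed sample: one record per call, `ms` is the observed latency.
const sampleCalls = [
  { api: "payments", status: 200, ms: 120 },
  { api: "payments", status: 200, ms: 130 },
  { api: "payments", status: 500, ms: 150 },
  { api: "payments", status: 200, ms: 125 },
  { api: "payments", status: 502, ms: 140 },
  { api: "payments", status: 200, ms: 135 },
  { api: "payments", status: 500, ms: 145 },
  { api: "payments", status: 200, ms: 128 },
  { api: "geo", status: 200, ms: 90 },
  { api: "geo", status: 200, ms: 100 },
  { api: "geo", status: 404, ms: 110 },
  { api: "geo", status: 200, ms: 95 },
  { api: "geo", status: 200, ms: 2000 },
  { api: "geo", status: 200, ms: 105 },
];

const DEFAULTS = {
  minCalls: 5,        // rate and latency rules stay quiet on tiny samples
  maxErrorRate: 0.2,  // share of 5xx responses that trips the error-rate rule
  latencyFactor: 3,   // a call slower than factor x median counts as a spike
  expectedStatus: { payments: [200, 201, 400], geo: [200, 404] }, // assumed per-API contract
};

function groupByApi(calls) {
  const groups = new Map();
  for (const c of calls) {
    if (!groups.has(c.api)) groups.set(c.api, []);
    groups.get(c.api).push(c);
  }
  return groups;
}

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Each rule returns an anomaly record or null.
const rules = [
  function errorRate(api, calls, o) {
    if (calls.length < o.minCalls) return null;
    const errors = calls.filter((c) => c.status >= 500).length;
    const rate = errors / calls.length;
    return rate > o.maxErrorRate
      ? { api, rule: "error-rate", detail: `${errors}/${calls.length} calls failed (${(rate * 100).toFixed(1)}%)` }
      : null;
  },
  function unexpectedStatus(api, calls, o) {
    const expected = new Set(o.expectedStatus[api] || []);
    const odd = [...new Set(calls.map((c) => c.status).filter((s) => !expected.has(s)))].sort((a, b) => a - b);
    return odd.length ? { api, rule: "unexpected-status", detail: odd.join(", ") } : null;
  },
  function latencySpike(api, calls, o) {
    if (calls.length < o.minCalls) return null;
    const med = median(calls.map((c) => c.ms));
    const slow = calls.filter((c) => c.ms > o.latencyFactor * med);
    return slow.length
      ? { api, rule: "latency-spike", detail: `${slow.map((c) => c.ms).join(", ")}ms vs median ${med}ms` }
      : null;
  },
];

// Run every rule against every API group; returns the list of anomalies found.
function detectAnomalies(calls, options = {}) {
  const o = { ...DEFAULTS, ...options };
  const out = [];
  for (const [api, group] of groupByApi(calls)) {
    for (const rule of rules) {
      const hit = rule(api, group, o);
      if (hit) out.push(hit);
    }
  }
  return out;
}

console.log(detectAnomalies(sampleCalls));
```

The median rather than the mean is used as the latency baseline so that the single 2000 ms call does not drag the baseline up and hide itself; the `minCalls` guard keeps the rate and latency rules from alerting on one or two calls, which is where most noisy anomaly alerts come from.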


New ESG Survey Report: Modern Application Development Security

As organizations continue to adopt DevSecOps, a methodology that shifts security measures to the beginning of the software development lifecycle (SDLC), roles and processes are evolving. Developers are expected to take on increased security measures – such as application security (AppSec) scans, flaw remediation, and secure coding – and security professionals are expected to take on more of a security oversight role.

Facilitating Data Loss Prevention with Netwrix Solutions

Safeguarding business-critical and regulated data like customer records, financial information and intellectual property is critical to the success of the entire organization. However, your goal should not be to build a fortress. Rather accept that your network will inevitably be breached from the outside and attacked from within, so you should build a layered defense strategy that helps you both minimize your attack surface and spot suspicious behavior in time to respond effectively.

Office 365 Administrator's Guide

If you are just getting started with Office 365 or you want to master its administration, this guide is for you. The beginning features very easy tasks, including provisioning and de-provisioning of Office 365 user accounts. Then it offers guidelines on managing licenses and explains how to administer different applications using both the Office 365 admin console and PowerShell. Last, this Office 365 tutorial (.pdf) provides more advanced guidance, helping you set up a hybrid environment, secure your cloud-based email application with encryption and spam filtering, and more. After reading this guide, you'll also know how to troubleshoot Office 365 issues, ensuring a seamless experience for your business users.

Don't call it a SIEM - How USM Anywhere does threat detection and response differently

Security Information and Event Management (SIEM) solutions have been the foundation of enterprises’ security operations and threat detection and response. Even though USM Anywhere has many key SIEM features, it is much more than a SIEM. Why? To perform threat detection, SIEMs and purpose-built threat consoles collect data from security devices such as network firewalls, endpoint devices and vulnerability managers, as well as directly from the cloud.


Cybersecurity risk management explained

Cybersecurity risk management is the practice of prioritizing cybersecurity defensive measures based on the potential adverse impact of the threats they're designed to address. Establishing a risk management approach to cybersecurity investment acknowledges that no organization can completely eliminate every system vulnerability or block every cyber-attack.


Cyber threat intelligence explained

The cybersecurity industry is increasingly producing enormous amounts of raw threat data. The sheer volume of information threat researchers must sift through makes it difficult to collect, analyze, and research that data in a timely manner. This in turn limits their ability to understand what data is valid and useful and whether threat artifacts will result in legitimate threat indicators.


The Importance of Content for Security Tools like Tripwire

Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow, she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning nose, but she’s not trained to detect these things and wouldn’t be able to tell me when she finds something troublesome.


Netskope Threat Coverage: GuLoader

GuLoader is a sophisticated malware downloader that stores its payloads in Google Drive and Microsoft OneDrive. In addition to using popular cloud apps to evade network-based detection, it uses anti-VM techniques to evade sandbox analysis. Since it was first discovered in December 2019, GuLoader has become one of the top malware delivery mechanisms observed in the wild. It is used by multiple threat actors to deliver a variety of threats, most commonly remote access Trojans (RATs).


Managing Content Sprawl in Microsoft 365

Sprawl happens when anyone and everyone can create a site or team, usually without oversight, planning, or any kind of formal training, resulting in dozens/hundreds of rarely used or abandoned sites and teams, a poorly-performing search experience, and your intellectual property (content and conversations) spread across multiple locations each with a maze of chats, files, and channels.


Secure Office 365 for Remote Access

We have seen a marked move to remote work in recent months. While the times have been troubling and stressful in many ways, there has been a flip side. Many of us have found newfound freedoms in how and where we work. With these freedoms come risks. While we can access our email, files and other communications remotely, many have not stopped to ask: are we too open? What level of remote access does each employee need and, more crucially, what do they not need?


The State of Civil Aviation Cybersecurity

Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly interconnected.


How Can Companies Protect Themselves Against Drive-By Cyber Attacks?

A drive-by download attack is one of the most popular methods employed by hackers nowadays. What is it? How can you protect your organization from it? Keep reading to learn! Malware attacks have remained popular among hackers for a while. They are relatively easy to implement when targeting small to medium-sized organizations, they can go unnoticed for a very long time, and they can quietly extract information from the target.


GCP OAuth Token Hijacking in Google Cloud - Part 1

If an attacker compromises a Google Cloud Platform (GCP) user’s device, he can easily steal and abuse cached credentials, even if MFA is enabled. In this blog post, we will demonstrate an attack in real Google Cloud environments, involving: We will use realistically configured Google Cloud environments, as well as client machines where the initial compromise would happen.


Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey

Solving puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn’t imagine a DefCon without the badge challenge. At Black Hat 2020, Matt Wixey, Research Lead at PwC UK, didn’t disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems.


The US bans TikTok, what does that mean for the millions of users that still have it installed?

Social media app TikTok continues to stir controversy because of its ties to China. While the company appointed an American CEO in an effort to rebuild the trust of the US, that doesn’t change the fact that TikTok is owned by Beijing-based company ByteDance. US Administration officials have been looking at the national security risk specifically as it relates to the gathering of information on American citizens by a foreign adversary.


Poor Data Governance Cost Capital One $80 Million

Last year, Capital One showed the world why data governance is so important when it was the victim of a massive data breach that exposed the personal data of 106 million customers. It is still one of the biggest hacks ever recorded, and the company has now been fined $80 million by banking regulators. A “what’s in your wallet” meme would work great here, but let’s keep this classy.


How to secure Syslog with USM Anywhere

One of the requests we often get is how to securely forward logs to the USM sensor. To forward logs securely, the one component that is required is an SSL certificate. By default, USM has a self-signed certificate that will allow sending secure logs over port 6514. Some platforms, such as Palo Alto Networks, require publicly signed certificates by default. In this blog, we will walk through the process of generating a publicly signed certificate for use with USM.


The Center for Internet Security (CIS) Use Cases and Cost Justification

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step you can take. Don’t assume anything. So, let us begin with the basics. CIS is the Center for Internet Security.


Compliance Overview for the Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC), drafted by the Department of Defense (DoD), is a new standard set to enhance supply chain security and augment NIST SP 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations. A key difference between NIST SP 800-171 and CMMC is the removal of the self-attestation component in favor of a third-party assessor model.


Netskope Joins with Crowdstrike, Okta, and Proofpoint to Secure Remote Work Any Time, Anywhere, at Scale

Netskope, CrowdStrike, Okta, and Proofpoint are joining together to help better safeguard organizations by delivering an integrated, Zero Trust security strategy that is designed to protect today’s dynamic and remote working environments at scale.


Live from Black Hat: Healthscare - An Insider's Biopsy of Healthcare Application Security with Seth Fogie

Healthcare providers heavily leverage technology. In his talk, Seth Fogie, information security director at Penn Medicine takes apart different vendor systems at the “fictitious” Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn’t just look at network security … you have to dig deep into the applications to ensure the security of your data.


Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss

Adversarial machine learning (ML) is a hot new topic that I now understand much better thanks to this talk at Black Hat USA 2020. Ariel Herbert-Voss, Senior Research Scientist at OpenAI, walked us through the current attack landscape. Her talk clearly outlined how current attacks work and how you can mitigate against them. She skipped right over some of the more theoretical approaches that don’t really work in real life and went straight to real-life examples.


Why You Need an Open Source Vulnerability Scanner

No one wants to be the next Equifax. Just thinking about their company’s name being in a headline along with the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: You do not talk about security breaches...unless you’re mandated by notification laws like GDPR. Even though organizations don’t reveal much publicly, their concern is reflected in the amount of money spent to prevent cyber attacks.


Celebrating Sqreen's 5 year anniversary

This month marks the 5 year anniversary of my co-founder Jb and I starting Sqreen. It’s been an incredible journey so far (have a look at just a few of the highlights), and milestones like this serve as a good opportunity to take stock, celebrate what the team has built together, and look into the future. Sqreen was born out of my and Jb’s experiences on the Red Team at Apple.


How OIDC Authentication Works

Did you know that in the United States, the Social Security Number was never intended to become the de facto method for physical identification? On its surface, this may come as a shock given how ubiquitously SSNs are used for this exact reason, but looking beneath the surface, we find that SSNs are terrible forms of identification. Ignoring the security concerns of a nine-digit numeric code, an SSN is not for universal identification.


Authentication vs. Authorization: Why we need authorization standards

I witnessed the transition from bespoke authentication to standards-based authentication. It’s time to do the same for authorization. Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems.


Guide to GKE Runtime Security for GCP Workloads

This is part three of our four-part blog series on Google Kubernetes Engine (GKE) security. You can find the previous two parts below: Adhering to security best practices for running your workloads on GKE plays a critical role in safeguarding your cluster and all its workloads. Misconfigured pods, for example, pose a huge danger if they are compromised. Follow our recommendations below to protect your GKE workloads at runtime.


How Data Governance Reduces SharePoint Content Sprawl

Chaos is never good for business, but the reality is that it’s the state in which many companies live on a daily basis. The global pandemic shut down offices and dispersed workforces to employees’ homes and other socially-distanced locations. Without data governance plans to support remote workers, employees scavenged for, and used, tools and processes that helped them get their jobs done, often with little regard for long-term implications or risk to the company.


Combat mobile phishing attacks targeting Financial Services with AI

Phishing attacks are a common attack vector for financial services organizations. Effective and simple to launch, phishing attacks challenge financial firms to protect their mobile workforce and harden their customer-facing apps. Mobile phishing, in particular, bypasses traditional perimeter defenses such as secure email gateways by targeting users via personal email, SMS and social messaging apps.


Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues

The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the security industry that locks are only good at keeping honest people honest. This is perhaps truer than ever in the era of the IoT “smart lock” where lock picks and bump keys can often be replaced by scripts and sniffers.


National Cybersecurity Authority (NCA): What You Need to Know

In its Vision 2030 development plan, Saudi Arabia included a National Transformation Program whose purpose is to diversify the Kingdom’s income away from the oil industry. One of the core tenets of that program is to enable the growth of the private sector by developing the digital economy. Specifically, Saudi Arabia set out its intention to increase the digital economy’s contribution to non-oil GDP from 2% to 3% by 2030.


Is Microsoft 365 HIPAA Compliant?

Office 365 HIPAA compliance is a pressing concern for an increasing number of healthcare companies. Microsoft’s robust cloud solution lets providers keep records and communicate with ease — but is it too easy? Can sensitive information really be protected if it’s stored in the cloud? Cloud computing has been making inroads into the healthcare industry for several years.


Leaving Bastion Hosts Behind Part 2: AWS

This post is the second in a series about alternatives to bastion hosts in each of the major cloud providers. The first post covered an introduction to bastion hosts, the SSH multiplexing attack, some disadvantages to managing your own bastions, and an alternative solution in GCP. In this post, we’ll cover the Session Manager service provided by AWS. Although there are other methods for accessing EC2 instances in AWS, Session Manager is the best match for our requirements, which are.


COBIT vs ITIL vs TOGAF: Which Is Better For Cybersecurity?

Adding a little bit of structure into one's affairs never hurts, especially when it comes to IT business processes and IT assets. To this end, various frameworks offer blueprints for achieving key organizational objectives like compliance and security. Three of the more popular IT governance frameworks—COBIT, ITIL, and TOGAF—are widely used by enterprises in this regard—let's see how they compare when it comes to bolstering cybersecurity and digital resilience.


LXC vs Docker: Why Docker is Better

LXC (LinuX Containers) is an OS-level virtualization technology that allows creation and running of multiple isolated Linux virtual environments (VE) on a single control host. These isolation levels, or containers, can be used either to sandbox specific applications or to emulate an entirely new host. LXC uses Linux’s cgroups functionality, which was introduced in version 2.6.24 to allow the host CPU to better partition memory allocation into isolation levels called namespaces.


JIRA Service Desk vs ServiceNow: Ticketing System Comparison

Ticketing systems are essential to today's enterprise IT help desk operations—without them, service requests and issues would end up lost inside a flurry of emails and handwritten notes. Both JIRA's Service Desk and ServiceNow are leading solutions in this category; the latter has a 25% share of the IT service management (ITSM) market, while Atlassian—though more software developer-focused—is a household name when it comes to project management and collaboration tools.


Is CapitalOne's DevOps Dashboard Hygieia the Best?

Many enterprise software hopefuls tackle the final stretch to becoming a mature offering through the development of an easy-to-use management GUI. This is especially true of DevOps and automation tools, as quite a few solutions have recently rounded out their platforms with web-based UI consoles for easier, visual management of resources and services.


Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze

Technology and elections are heavily interrelated – but it wasn’t always that way. We started to adopt technology once we weren’t able to fit everyone into a town hall. The first piece of technology was simply a piece of paper and a ballot box. We may not think of it as technology, but the ballot box can be tampered with. That technology gave us ballot secrecy, a trait that a hand-raise in the town hall didn’t.

Moody's Shares How to Learn from Organizations Running Successful AppSec Programs

Veracode has helped thousands of customers integrate security into their development cycle, and we’ve now got lessons learned, best practices, and pitfalls to avoid. Join Adrian Benvenuti, Vice President of Cybersecurity Risk and Architecture at Moody’s and Chris Kirsch, Director, Product Marketing at Veracode as they discuss how real-life AppSec programs are helping security and development teams work together to secure code.

How Does XOR Cipher Work?

The XOR cipher is very easy to implement and offers strong protection against brute force attacks. Keep reading to learn more! In today’s world, we use the internet and communication technologies on a daily basis for pleasure and business. We send e-mails and files, chat with friends and co-workers, share content on social media, do shopping and so forth. As a result, we send and receive a significant amount of sensitive data every day.

Webinar | Best Practices for Auditing K8s | Gravitational | Ev Kontsevoy | Andrew Lytvynov

In this webinar, Ev and Andrew have a conversation about auditing Kubernetes, what those logs might look like in a platform like Sumo Logic, and what added benefits one could receive from using a secure access tool like Teleport for audit logs and alerts.

Hooah! StackRox Soars with the U.S. Air Force on Kube Security

StackRox is in the midst of our own “Fed ramp” of sorts, with news today that we’ve been awarded a Department of Defense SBIR Phase II Award, our long history with In-Q-Tel and multiple deployments in the U.S. Intelligence Community, and more news coming soon on additional Fed initiatives.


Protecting Against Kubernetes Threats: Chapter 6 - Credential Access

Part six of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – covers Credential Access, a set of activities intended for stealing sensitive credentials such as application secrets, passwords, and tokens that may be used by either users or service accounts.


The Problem of Content Sprawl

In the early days of SharePoint, installing a free version was fairly straightforward and simple, and once in place, it would quickly catch on and spread across a single team, then expand between teams, and soon could be seen throughout the entire organization. In those early waves of growth, few paid much attention to the growing sprawl of sites and content.


Stories from the SOC: Compromised account detected

The Managed Threat Detection and Response (MTDR) analyst team was notified of multiple logins from different countries. With the shift to a more remote workforce, multiple logins from different locations are not uncommon, but the team discovered the potentially compromised account belonged to a third party and immediately took action. Every year businesses lose millions due to data breaches caused by third parties.


Secure Remote Access: Why It's Important and How to Do It Right

COVID-19 forced organizations all over the world to transition their employees to a work-from-home policy. That change came at a time when organizations’ connected infrastructure is more complex than ever. Such complexity doesn’t just extend across IT environments, either. Indeed, machines and production processes are also becoming increasingly complex as organizations with OT environments seek to address the challenges of the 21st century.


Selecting the Best SOAR Solution Series: The 5 Core Competencies (Part 2)

Welcome to part 2 of our series on how to select the best security orchestration, automation and response (SOAR) solution for your business. In part 1, we defined what SOAR platforms set out to do at their core. In this post, we will take a closer look at the core competencies on which different SOAR solutions focus. Understanding how your objectives and challenges align with the core competencies of a specific SOAR solution is the first place you should start when evaluating providers.


Network Security Audit Checklist

Every company that uses computers and the Internet should be concerned about information security and, particularly, network security. The number of threats each company faces is growing every day. Whether it’s spam, malware, spyware, phishing or virus threats, or users who walk out the door with proprietary information or sensitive data, the threats and risks are potentially damaging and costly for that company.


Why Secure DevOps is the New Sheriff in Town

We’ve listened to the pain points of CISOs around the country, many of whom say managing an effective application security program often feels like trying to survive in the Wild West. It’s a great metaphor. You’ve got cowboys and gunslingers and outlaws. There are open frontiers and endless opportunities for pioneers.


App risk assessment - how we determine the risk level of apps

At Wandera, each day we receive requests from our enterprise customers asking whether a particular app is safe to allow on employee devices. Wandera’s app risk assessments consist of two main types of app analysis: When it comes to app risk assessments, there are a large number of risk indicators we consider. In our routine risk assessments we include the following.


Why Isn't There A Remediation Button within Change Tracker Gen7 R2?

NNT Change Tracker is a world-class solution for evaluating the security posture of your infrastructure. Whether you adhere to frameworks such as the Center for Internet Security or NIST, or even if you have a home-baked version of how best to harden your environment, Change Tracker will assess and report on how your deployed assets measure up against the standard.

Teleport 4.3 Demo | Privileged Access Management | SSH & Kubectl

In this video, we show the basic capabilities of Gravitational Teleport, an open-source Linux server for setting up infrastructure access via SSH or Kubernetes. Gravitational Teleport is a gateway for managing access to clusters of Linux servers via SSH or the Kubernetes API. Download Teleport Community here and try it for yourself. Check out our GitHub repo here. If you want to ask any questions, reach out here.

EKS vs GKE vs AKS - August 2020 Update

In February, we published an article providing a side-by-side comparison of the managed Kubernetes offerings from the three largest cloud providers: Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison and our April, May, June, and July updates.


Digital signatures security explained

Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic has forced many to take a fresh look at the value of digital signatures, why they matter, and their relationship to encryption.


Using Bearer with Serverless Functions

Did you know that you can use Bearer with serverless functions? While serverless, or cloud, functions might not be your first choice for making API calls, they can be a great way to proxy API requests or even act as a lightweight API gateway. They also offer a great way to bring some of the benefits of Bearer into the Jamstack. The setup process is similar to installing the Bearer Agent into a traditional app, but there are a few things to watch out for.


New Data Reveals How AppSec Is Adapting to New Development Realities

In today’s fast-paced world, companies are racing to bring new, innovative software to market first. In order to keep up with the speed of innovation, many organizations are shifting toward DevSecOps. DevSecOps brings security to the front of the software development lifecycle, allowing for both fast deployments and secure applications.


Man vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

In 2011 when IBM’s Watson supercomputer went up against ‘Jeopardy’ icon Ken Jennings, the world watched as a battle of man vs. machine concluded in an impressive win for Watson. It wasn’t simply remarkable that Watson could complete calculations and source documents quickly; the real feat was the brainpower it took to create fine-tuned software with the ability to comprehend questions contextually and think like a human.


No organization is immune to social engineering, not even Twitter

On July 16, Twitter fell victim to a targeted social engineering attack that led to the compromise of 130 Twitter accounts, including Bill Gates, Joe Biden, and Elon Musk. Through a successful spear phishing attempt, a group led by 17-year-old “mastermind” Graham Ivan Clark was able to Tweet from these accounts, asking for Bitcoin donations that reportedly netted the scammers more than $180,000 in the short time the posts were live.

After Years of Security Prioritization, How Do You Finally Protect Lingering Vulnerabilities?

With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.

The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.

Insider Threat Playbook: How to Deter Data Theft by Departing Employees

In today's digital world, the problem of data theft by departing employees goes far beyond stealing the names of a few customers or a product design sketch; it can mean the loss of gigabytes of critical corporate intelligence and legally protected information like customer cardholder data. Plus, ex-employees have even more avenues for using the data they steal - they can use it against their former employers, leak it to competitors, sell it to the highest bidder or simply publish it on the internet.

Speeding Incident Response by Integrating Netwrix Auditor with ServiceNow

Although most IT pros are aware of the benefits that technology integrations promise, many of them are reluctant to take on integration projects. They know all too well that many vendor products simply aren't designed to be integrated with other systems; the lack of an application programming interface in particular is a huge red flag. Fortunately, there are vendors, such as ServiceNow and Netwrix, that enable organizations to reap the benefits of integration without having to invest lots of time and money.

When AppSec Integration Threatens Development, How Do You Safely Sustain Innovation?

You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes.
  • Ongoing maintenance: Routine patches and upgrades can be time-consuming, especially if you're supporting multiple geographies or teams, and may break your customizations.