April 2021


SIEM Use Cases: Implementation and Best Practices

A security and information event management (SIEM) tool can be a valuable component of a mature security strategy. Indeed, effective SIEM solutions have been available for well over a decade. Organizations typically purchase SIEM tools expecting fast implementation and reliable security threat alerts that provide the intelligence required to respond promptly and prevent breaches. The reality is quite different.


Why use a password manager?

Password managers protect your online logins. As more people are now working from home, issues of online security have made password managers an essential tool. It is too easy to fall into the habit of reusing the same password for multiple sites. Doing so is bad password hygiene. In this blog, we explore why you should use a password manager and what password hygiene is.


What You Missed at Aiming for Zero

In case you missed it, Netskope’s recent Aiming for Zero event was focused around how Zero Trust is more than just access controls and passwords—it’s a security concept that applies to all aspects of your network, your data, the applications you use, and the way you interact with them. If you missed the event and want to hear more about our deep dives int Zero Trust, there’s no need to worry!


What is Threat Modelling? 10 Threat Identity Methods Explained

Threat modelling is a process for identifying potential threats to an organization's network security and all the vulnerabilities that could be exploited by those threats. Most security protocols are reactive - threats are isolated and patched after they've been injected into a system. Threat modelling, on the other hand, is a proactive approach to cybersecurity, whereby potential threats are identified and anticipated.


Snyk & Intuit roundtable: Breaking silos, engaging with security and developer communities

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.


The importance of creating a small business Cybersecurity plan

It’s estimated that cyber crime will cost businesses as much as $45,000,000,000 by 2025. Each year, small businesses who haven’t put a cyber security plan in place are at the mercy of hackers who are using ever increasingly sophisticated methods to breach their network, compromise their data - and even hold the business to ransom.

Tripwire ExpertOps: Managed Cybersecurity and Compliance

Welcome to Tripwire's Security-as-a-Service solution. Tripwire® ExpertOps extends your staff with experienced security professionals who leverage your in-house team. You’ll see rapid time to value with your choice of multiple services that can reduce your security risks and simplify your policy compliance—all hosted on a cloud infrastructure. Tripwire ExpertOps includes software, ongoing consulting, professional services, and cloud infrastructure in a single subscription.

How to Introduce More Empathy into Security Operations

Long before he was forced to reconcile his passion for the Boston Red Sox with a new love interest, or became the king of late night, Jimmy Fallon made the “IT guy” famous. As Nick Burns, “Your Company’s Computer Guy,” Fallon expertly (and hilariously) personified the brutish, condescending and dismissive IT admin we all fear, the person with simply no time for their perceived lowly technical knowledge and unsuspecting nature of the average end-user.


Improve your AppSec program with the Synopsys partner ecosystem

Understand how the Synopsys partner ecosystem can help your organization address your software quality and application security challenges. To build secure, high-quality software in today’s challenging environment, organizations need world-class partnerships backed by industry-leading software quality and application security products and services.


Social Engineering: The Art of Human Hacking

In the beginning, social engineering was an art of social science. It is used to change people’s behaviour and make changes in society. It looks at a lot of groups, including government, media, academia and industries. Nevertheless, with the development of technology and people’s concerns about security, social engineering has started to be used. Cyber criminals use it to trick humans by using deceptive techniques or information that disguises their intentions.


Calligo moves up the Top 100 Solution Providers rankings

CDN’s annual ranking of the Top 100 Solution Providers in Canada places Calligo four places higher than last year, and is still the only one to place such emphasis on data’s intelligent use and continuous safety. Calligo was this week once again listed in Channel Daily News’ (CDN) annual Top 100 Solution Providers, rising up the rankings to 67th. The ranking is based on managed service providers’ (MSPs) 2020 Canadian revenue figures and is verified by the organisers.


Weekly Cyber Security News 29/04/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I don’t know about you, but I’ve always been wary of the risk of QR codes. Yes they are useful, but the risk of visiting a dodgy embedded URL without prompt goes against all we’re told. I’m pretty sure there have been issues in the past, but here is a new example.


Executive Order on Cybersecurity Is Imminent: It's Been a Long Time Coming

Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.


Developer Training Checklist: 5 Best Practices

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin and many developers don’t have a background in security.

Create Security Labs Users from the Veracode Platform

In this video, you will learn how to create Security Lab users from the Veracode Platform. Veracode Security Labs provides interactive training labs that give developers practical security knowledge. Security Labs teaches security and application security (AppSec) skills through hands-on experience. The lab-based approach to developer enablement can improve the time it takes to resolve findings and help developers avoid introducing flaws into the code.

How To Secure Your SDLC The Right Way

The ever-evolving threat landscape in our software development ecosystem demands that we put some thought into the security controls that we use throughout development and delivery in order to keep the bad guys away. This is where the secure software development life cycle (SSDLC) comes into play. Organizations need to make sure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.


Confessions of a CISO

Ever wonder what really bugs a CISO. Well, do we have a story for you. In this Log’s Honest Truth podcast, presented in partnership with ITSP Magazine, Devo CISO JC Vega discusses the confessions of “Mr. T” (we disguised his face to protect his identity) a veteran CISO. Listen to the podcast. “Mr. T” faced three primary challenges: Next up, the confessions of “Mr. V,” a digital security and fraud director.


What Docker runtime deprecation means for your Kubernetes

On December 8, 2020, Kubernetes released version 1.20—the third and final release of the popular container orchestration platform in 2020. Kubernetes noted in a blog post that the version contained 42 enhancements. Of those enhancements, 16 entered into alpha, while the remainder moved to beta or graduated to stable at 15 and 11, respectively.


Securing AWS Management Configurations By Combating 6 Common Threats

There’s a common misconception that cloud providers handle security, a relic leftover from hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.


The Hidden Benefits of Compliance

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process. You didn’t know about that last one? Wait, are you telling me you don’t know about the hidden benefits of compliance that you’re getting? Let’s talk.

Combining Monitoring Approaches For Well-Rounded FIM | Tips & Tricks Ep.2

Traditional, agent-based monitoring from Tripwire® Enterprise brings best-in-breed file integrity monitoring (FIM) to your organization’s IT infrastructure. In regular practice, an agent is deployed to a supported operating system to facilitate asset monitoring. But how do you enforce FIM on operating systems that have reached their end-of-life for support, or endpoints that aren’t able to have agents installed?

SIEM vs Log Management

It now takes organizations 207 days to identify and 73 days to contain security breaches, according to IBM’s 2020 Cost of a Data Breach Report. That means the average “lifecycle” of an incident is a staggering 280 days — 7 months! Moreover, cybercrimes are becoming increasingly sophisticated and attackers are quicker than ever when it comes to finding cracks in corporate infrastructure.


The rise of social media data breaches

Table of Contents Cybercriminals are always looking for the new weak link and social media is a point of vulnerability for many businesses. As it becomes more common for social media to be used for and by businesses, the opportunity for cybercriminals to use social media in their attacks grows. Social media is an essential tool for networking, events, advertising, keeping up with trends and more.


Cloud and Threat Report: Cloudy with a Chance of Malware

Cybercriminals are increasingly abusing popular cloud apps to deliver malware to their victims. In 2020, more than half of all the malware downloads detected and blocked by the Netskope Security Cloud platform originated from cloud apps. Cloud apps are commonly abused to deliver Trojans, with attackers attempting to exploit the trust placed in the app used for delivery. Increasingly, cloud apps are also abused for next-stage downloads, with attackers attempting to blend in with benign traffic.


Cloud Threats Memo: Beware Outsourced Cyber Attacks and Compromised Credentials

The trove of 1.3 million RDP credentials leaked recently is yet again proof that, In the underground economy, initial access brokerage is a flourishing market. Cybercriminals are outsourcing the initial access stage of the attack, so they can better focus on the execution and act more quickly.


Standard Chartered Bank Embraces Digital Identity to Grow

Standard Chartered Bank is changing the future of banking by simplifying authentication for its customers --letting customers decide the best way to access their accounts and get things done, without jumping through extra hoops. In the ultra-competitive world of retail banking, customer service is the competitive advantage and identity is key. I recently had the pleasure of chatting with Alan Chiew, Executive Director and Head of Technology at Standard Chartered Bank.


Why Your Brand Protection Relies on Threat Intelligence?

Your brand is the image your customers have of your business; this is precisely what makes your brand into such a valuable asset. It’s no surprise that brand presence is increasingly shifting into the digital realm. And while digital transformation brings with it a whole new world of possibilities, the digitization of the brand also introduces new risks.


Wandera recognized in Gartner's 2021 Market Guide for Mobile Threat Defense

We’re excited to share Wandera has been identified as a Representative Vendor in ‘Gartner’s Market Guide for Mobile Threat Defense’ (MTD) (Gartner subscription required). Wandera was the only vendor named in both the ‘Vendors That Offer All-Round Mobile Threat Defense Capabilities’ and ‘Vendors That Offer Network-Focused Mobile Security Capabilities’ categories.


Press Release: LogSentinel SIEM Named the Best Security Innovation at the 2021 DEVIES Awards Europe

28th April 2021 Naarden, The Netherlands – LogSentinel, the innovative next-generation SIEM provider, announced that its flagship product, LogSentinel SIEM, was recognized as the best innovation in security and networking at the annual European DEVIES awards. The official award ceremony was held last night as a part of the online DeveloperWeek Europe 2021 conference.


Identify and Remediate Security Issues with Intelligent Risk Scoring

Today, having a strong data governance program is critical for many reasons: understanding and minimizing risk to sensitive data, maintaining security and trust, avoiding compliance fines, and empowering knowledge workers to be more effective at their jobs. The trouble is, if you don’t manage scope properly, and instead try to eat the proverbial data governance elephant all in one bite, you are setting yourself up for trouble.


Why answering the question of orchestration vs automation will improve your security effectiveness

The investment in security operations is at an all-time high. AustCyber’s ‘Australia’s Cyber Security Sector Competitiveness Plan’ shows spend on security operations makes up more than 40% of all cybersecurity spend ($1.58B in 2018), with cyber spending growth outpacing IT spending growth by nearly two to one.


Using Maths to Fight Financial Crime

Financial crime has become a red-hot topic over the last 12 months, as fraudsters have sought to exploit the monitoring gaps between people, process and technology across an ever-widening attack surface – driven by the growth in usage of remote (digital) channels. Even before its recent growth, the cost of fraud and financial crime was significant.


Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.


Our $188M funding round fuels our mission to help customers confidently run modern cloud applications

Today, I am excited to share that we secured $188M in a new funding round, at a valuation of $1.19B (read more here). At the outset, I want to thank our employees, partners, investors and most importantly, our customers for this important milestone. The funding follows a year of unmatched innovation that led to accelerated revenue growth, installed base growth, and rapid community adoption of our open source projects.


Priority on people - An argument against the excessive use of Cybersecurity technology

Despite what many advertisements and salespeople would like you to think, you don’t need to (and in many cases shouldn’t) spend a fortune on security tools to achieve a robust cybersecurity program. Some tools are essential, such as a ticketing tool or Security Information and Event Management (SIEM) system, but the best security programs are built off the employees that run the business.


Define, Reinforce and Track: Helping Develop Positive Cybersecurity Habits

Getting teams to improve security can be hard work, but it’s an important job that organisations must take seriously to protect an increasingly risky world. For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.


Creating Cloud Security Policies that Work

Now that the ongoing worldwide trend toward “going digital” has been accelerated by COVID-19, taking extra precautions to protect your organization’s data, communications and information assets is more important than ever. Of course, there are many traditional and emerging ways to protect and secure your business.

Turning InfoSec Success into Audit Wins | Tips & Tricks Ep.1

Security and compliance are different, yet complementary, disciplines. It’s important to understand their relationship to build a robust security program that can be used for audit success. Compliance is a kick-starter for building your security program, and security is an important focus to help ensure you are audit-ready. Join us in our Tips and Tricks series. We’ve curated this series for you, whether you are a customer looking to make the most out of your Tripwire investment, or you’re on the market for a new security solution.

The Ultimate Guide to Security Awareness Training

The definition of security awareness is likely broader and deeper than your organization may realize. Security awareness aims to address one of the trickiest weak points in your organization: its people. Security awareness is intended to change behavior and reinforce good security practices among your employees and other third parties. In short, it should be a cultural change.


How Your Network Became "The Bermuda Triangle" and How You Can Fix It

“Where’s your app? Where’s your data?” For a long time, if you needed to know where your applications or data were, the answer was clear: it was always either on-premises or in a branch. Universally, almost regardless of organization size, infrastructures were contained, and visible within a defined boundary—you have a data center, a network, a branch, a user.


Insider Threats and the Dark Web increase Remote Work Risks

The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today.

How Insider Threats and the Dark Web increase Remote Work Risks for Organizations

In our latest podcast, we take a deep dive into the gloomiest part of the internet, the “Dark Web” as we try to demystify everything we think we know. This is the realm of internet land where criminals and offenders can be found lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Join Dr. Christine Izuakor and a special guest from Equifax, Dr. Michael Owens as we unravel the Dark Web.

What is Data Exfiltration and How Can You Prevent It?

Data security is key. Incidents of data exfiltration bring lots of unwanted attention to organizations and lead to reputational and financial losses. That’s why companies in various industries pay maximum attention to their cybersecurity measures and constantly enhance them. In this article, we define what data exfiltration is and how it’s performed. We also explore some recent examples of data loss and offer eight best practices that will help you prevent data exfiltration.


Global Privacy Control has the potential to solve the consent banner problem

Data privacy regulation has made great steps toward protecting the privacy of people using web products, but it has come with user experience friction. Consent and disclosure banners are a solution for compliance, but they are not elegant. Browser makers, the W3C, and a group of participating organizations are working to fix that. The first step is a proposal called Global Privacy Control (GPC).


Why automation is critical for your software development

Automation, when done properly, can improve the productivity, quality, safety and security in your software development. Automation isn’t just a “nice-to-have” element of modern business. It’s a “must-have.” Companies simply can’t compete on multiple levels—quality, speed to market, safety, and security—if they rely on manual tools and processes.


Detectify Security Updates for 27 April

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


Flubot: The spyware being delivered by SMS

It has recently been reported that Flubot, spyware targeted at smartphones, has been spreading across the UK. The malware is being delivered via SMS, under the guise of a parcel delivery app, tricking users into downloading the malicious software. Network operators have said that millions of these malicious texts have already been sent across their networks, causing enough of a stir for the NCSC to issue remedial guidance.


FluBot: Malware as a Service Meets Mobile Phishing

Recently, Europeans were hit by an influx of SMS texts claiming to be package delivery notifications. It turns out these messages were orchestrated by threat actors seeking to distribute malicious apps laced with the banking trojan FluBot, also known as Cabassous. Once the victims download the malware, the app can intercept SMS messages, steal contact information and display screen overlays to trick users into handing over their credentials.


Why We Need to Rethink Authorization for Cloud Native

Companies have moved to cloud native software development so that they can increase development speed, improve product personalization, and differentiate their buyer experiences in order to innovate and win more customers. In doing so, enterprises have also redefined how they build and run software at a fundamental level.


Secure Elixir development with Snyk

We’re happy to announce support for Elixir, enabling development and security teams to easily find, prioritize and fix vulnerabilities in the Elixir and Erlang packages they are using to build their applications! Using the Snyk CLI, Elixir developers can now test and monitor their Mix/Hex projects manually or at key steps of their CI process, ensuring that known vulnerabilities are caught early on and before code is deployed into production.


What is detection engineering?

Just as threat actors evolve their attacks and techniques, so too must security teams evolve their detection content. Detection engineering, therefore, is a life cycle that requires continual effort. However, when done well, detection engineering can reduce the mean time to detect and respond to a threat, as well as recover from a threat. Detection engineering is the process of identifying threats before they can do significant damage.

Forward Fix LIVE: Network Query Engine

Original broadcast date: April 21, 2021 Network Query Engine: Using our Most Popular Feature to put Humans in Control of the Network Description Technical solutions architect Derick Winkworth demonstrates how operations teams are using the Google-like search features of NQE (Network Query Engine) to shave hours off of troubleshooting and provide unrivaled insight into network behavior. We double-dog dare you to attend this workshop and not find a better way to tame your network.

Forward Fix LIVE: Solving Your ACL Problems

Problems managing your enterprise network ACLs? Think there's no way around it? Forward has solutions to your ACL conflicts and chaos. From top-tier service providers to global financial services, Fortune 500 companies trust Forward to save them from troubleshooting headaches and avoidable network outages.

Forward Networks' Mathematical Model

After years of PhD research and commercial development, the team at Forward has delivered a modern approach to enterprise networking and we call it mathematical network modeling. The key idea is to use math to accurately represent your network's behavior, not one device or path, but everything, every possible behavior of your network. Our software-based digital twin provides rapid insights to understand reachability and security. So any network team can now move from reacting to getting ahead.

The 5 most crucial Cybersecurity updates for businesses in 2021

For as long as businesses have used computers, cybersecurity has been crucial. Now, as modern business and data are becoming inseparable, it’s an absolute necessity. As companies start to recover from 2020 losses, they should consider investing in security updates. Cybercrime reached new heights in the past year, with internet crime reports rising 69.4% and costing more than $4.2 billion. Now that more companies are embracing digital services after the pandemic, this trend will likely continue.


What are Cybersecurity Threats?

A cybersecurity threat is the threat of malicious attack by an individual or organization attempting to gain access to a network, to corrupt data or steal confidential information. No company is immune from cyber attacks and the data breaches that can result. Some cyberattacks can even destroy computer systems. As cyber threats become increasingly sophisticated, your business must implement the security needed to safeguard its data and networks.


How a Microsoft Engineer Implemented Veracode for a Large Azure Project

With the need to produce innovative software faster than ever, and cyberattacks not slowing down, it’s no surprise that, for projects large and small, ensuring the security of your code at every step is key. But if software engineers want to meet these everyday demands with success, it’s important to understand how different security scanning types fit in throughout the development process, and how the needs of your team might impact scans.


The State of Incident Response

Kroll, Red Canary and VMware conducted a survey of over 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue to capture the current state of incident response from a technical and legal perspective. Our goal was to highlight trends, identify common challenges and understand how organizations are maturing their preparedness, detection and response programs.

Enterprise Cyber Risk Management for Financial Services Organizations

As the frequency and sophistication of cyber incidents targeting financial services companies increases, it is critical for your organization to thoroughly understand the components of a solid cyber security program, the current regulatory framework, the complex and evolving threat landscape, and the actions needed to mitigate your potential risk when responding to a cyber incident.

Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats

The past year has challenged us in unimaginable ways. We kept our distance for the greater good, while companies faced the daunting task of transforming their workforce from in-person to remote — practically overnight. This presented a unique challenge for cybersecurity teams. How would they ensure employees retained access to critical data in a secure way? Working in the cloud has made remote work easier for many organizations, but has also presented new risks.


The Winds of Change - What SolarWinds Teaches Us

In December 2020, the world discovered that the SolarWinds’ Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize the impact on them and their customers.

Continuous Cyber Monitoring and Rating with SecurityScorecard

At Infocom Security Greece virtual event on April 23, 2021, Nadji Raib (Regional Sales Director, SecurityScorecard), Matthew McKenna (President of International Sales, SecurityScorecard), and Panagiotis Pierros (Managing Director, TICTAC LABORATORIES) presented how important it is not only to monitor your own security posture but also to monitor your 3rd party, 4th party, and your entire ecosystem of vendors and partners. The demo section shows how easy it is to instantly rate a company's current security posture and to prioritize what are the issues that need to be fixed to get a better security rating.

Lessons learned from building an inventory of systems

Many frameworks, standards, and regulations require organizations to have an IT Asset Management program in place. However, the understanding of what separates a mature Information System Inventory (ISI) from an IT Asset Inventory and the benefits realized from an ISI are generally less well understood. Naturally this may lead to a higher likelihood of deprioritizing an ISI in favor of what are viewed as more pressing security needs. Figure 1.


PSD2 and Open Banking - What you need to know in 2021

PSD2 and Open Banking have been around for a few years now. Each aims to disrupt and future proof the financial services market following the vast technological advancements that occurred over the last two decades, and have left the industry with legacy processes and a lack of legislature to cope with emerging challenges.


The rise and fall of the Emotet botnet

A botnet is a network of hijacked computers and devices infected with malware and controlled remotely by cybercriminals. This network is then used to send spam and launch Distributed Denial of Service (DDoS) attacks. It can also be rented out to other cybercriminals. The Emotet botnet has been a thorn in the side of security teams for many years and has infected hundreds of thousands of devices since 2014.


The 56 Biggest Data Breaches (Updated for 2021)

The rising trend in data breaches continues to angle upwards, and as a result, there has never been a more precarious time in history to launch and maintain a successful business. To prevent the repetition of mistakes that result in data theft, we’ve compiled a list of the 56 biggest data breaches in history, including recent data breaches in 2021. Click on the table of contents dropdown above for a list of all the companies in this post.


How to manage data subject access requests (DSARs)

In a nutshell, a data subject access request – or DSAR for short – is when someone asks a organisation for a copy of all personal data they hold about them, and then that organisation provides it in a clear and structured way. In addition to the data itself, DSARs allow a data subject (like you or me) to find out things like what the organisation is doing with the data, who they’re sharing it with, how long its held on to for, where they got it from, and so on.


How to cyber security: 5G is not magic

5G is faster than its predecessor but that doesn’t change the approach to software security for your applications. Some wild claims have been made about 5G networking. I’ve heard mention of self-healing factories and smart highway systems. While such things might be possible, there’s nothing magical about 5G. In essence, it’s just faster wireless networking than we’ve had before. That’s nice, but hardly revolutionary.


Weekly Cyber Security News 23/04/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I admit this is frivolous, and low risk, but come on…. The increasing completely pointless devices out there that insist on Internet connection when you are highly unlikely going to be out of sight of said device is bonkers… No…


Practical Steps for Fixing Flaws and Creating Fewer Vulnerabilities

All security flaws should be fixed, right? In an ideal world, yes, all security flaws should be fixed as soon as they’re discovered. But for most organizations, fixing all security flaws isn’t feasible. A practical step your organization can – and should – take is to prioritize which flaws should be fixed first.


Reporting Live From Collision Conference 2021: Part Two!

If you caught part one of our recap series on this year’s Collision conference, you know we covered a roundtable talk hosted by Veracode’s own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how to manage the security aspects of these future-ready technologies — especially when it comes down to consumer privacy.


Are You Targeting These Risky Red Zone Vulnerabilities?

Modern software development is full of security risk. Factors like lingering security debt, insecure open source libraries, and irregular scanning cadences can all impact how many flaws dawdle in your code, leading to higher rates of dangerous bugs in susceptible and popular languages.


Web Application Penetration Testing Checklist that You Need to Know About

Adaptation of large-scale web applications at a wider level in several multi-faced industry verticals like healthcare, banking, intelligence services and others has exposed them to massive data breaches. Despite increasing awareness about security, complex threat vectors continue to put organizations across the globe under attack.

Devo Customer Story: Panda Security

Watch this customer story to see how Panda Security, an endpoint protection company, leverages Devo to rapidly collect and analyze a wide range and large volume of security data. Devo offers Panda a SaaS-based security analytics solution that easily scales to meet its growing customer base. Panda seamlessly integrates Devo into its own products, providing customers out-of-the-box analytics and insights, freeing Panda to focus on what it does best, malware detection.

Security threats affecting your workforce productivity? Here's how Forrester says you can address them

According to Forrester, the number of permanent, full-time remote workers is expected to increase by 300 percent or more compared to pre-pandemic numbers. Amid the chaos surrounding the pandemic, getting your entire workforce back to the office seems trivial, especially when many employees’ work can be done remotely. It’s no wonder that, according to Gartner, almost half of employees will continue to work remotely post COVID-19.


REvil ransomware - what you need to know

REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang GandCrab. The REvil group is also known sometimes by other names such as Sodin and Sodinokibi. REvil has gained a reputation for attempting to extort far larger payments from its corporate victims than that typically seen in other attacks.


Genesis Market: A Hacker's Haven of Stolen Credentials

Netacea’s Threat Research team works diligently to keep a close eye on emerging bot threats, ensuring we stay one step ahead of cybercriminals and hackers. The team recently completed an exclusive investigation into the Genesis Market, an illegal online marketplace for stolen credentials. While many underground markets for stolen credentials operate from the anonymity of the dark web, Genesis Market is accessible from the open web.


How to Future Proof Your System Against a Zero Day Exploit

Earlier this year, Kaspersky researchers discovered a zero day exploit hidden in Desktop Windows Manager. The exploit, designated as CVE-2021-28310, is known as an escalation of privilege (EoP) exploit, which allows attackers to gain access or a higher-level user permission to systems and platforms than an administrator would permit. Though patches have since been released, it’s not yet known how extensive the damage from this zero day exploit is yet.


A Real-World Look at AWS Best Practices: Root Accounts

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.


How Threat Intelligence Could Have Helped Prevent 2020's Cybersecurity Incidents

If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.

How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention

Broken object level authorization Broken user authentication Excessive data exposure Lack of resources and rate limiting Broken function level authorization Mass assignment Security misconfiguration Injection Improper assets management Insufficient logging and monitoring Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

A hacker's approach to finding security bugs in open source software

Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at it from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in open-source software in their tech stack.


Reporting Live From Collision Conference 2021: Part One!

This week, Collision (virtually) kicked off its annual conference, bringing together creatives, builders, influencers, innovators, and other great minds to cover some of the hottest topics in business and technology. Known as ‘America’s fastest-growing tech conference,’ this year Collision featured over 450 speakers with more than 100 hours of content to consume across the three-day event.


Developer Security Champions Rule the DevSecOps Revolution

DevSecOps has fundamentally changed the way in which organizations approach security in modern software development. The role of developer security champion was created to meet the need for security to be tightly integrated into DevOps and DevSecOps practices. Read on to learn more about what developer security champions are and how they help promote secure coding best practices as organizations work toward continuous integration and delivery.

What are the SIEM Pitfalls and how to avoid them? (SIEM: Benefits and Pitfalls Webinar cuts)

Security Information and Event Management (SIEM) - What is it, why it matters for security and why do we need it? How simple logs can be turned into actionable insights? In this webinar we take a closer look at when is a #SIEM needed, what are SIEMs missing and when do they fail to provide value. We review concepts like alert fatigue, threat intelligence, audit log integrity, log privacy, and more.

What is a SIEM Software? (SIEM: Benefits and Pitfalls Webinar cuts)

Security Information and Event Management (SIEM) - What is it, why it matters for security and why do we need it? How simple logs can be turned into actionable insights? In this webinar we take a closer look at when is a #SIEM​ needed, what are SIEMs missing and when do they fail to provide value. We review concepts like alert fatigue, threat intelligence, audit log integrity, log privacy, and more.

Why is SIEM Important? (SIEM: Benefits and Pitfalls Webinar cuts)

Security Information and Event Management (SIEM) - What is it, why it matters for security and why do we need it? How simple logs can be turned into actionable insights? In this webinar we take a closer look at when is a #SIEM​ needed, what are SIEMs missing and when do they fail to provide value. We review concepts like alert fatigue, threat intelligence, audit log integrity, log privacy, and more.

Open Banking Opportunities to Retain and Delight Existing Customers

The banking landscape is changing. The days of walled garden banking where customers can’t see or access information from all their financial institutions in one place are coming to a close. For banks, and the entire financial services industry, open banking isn’t a threat but a customer service opportunity. Instead of putting barriers between customers and their financial information at other institutions, banks can offer value-added insights across accounts and institutions.

Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Shifting security left while building a Cloud Native bank

Building a digital bank requires a unique combination of agility and speed while maintaining the highest level of security. Lunar, a digital challenger bank in the Nordics, has always had technology and agility as a differentiator. Lunar was built for the cloud, with Cloud Native principles, such as microservices, containers, and container orchestration amongst others. In this presentation Kasper will present some insights into the principles on which the Lunar infrastructure was built on, the continuous focus on security, and how application security is shifting left and becoming a developer concern.

Streamlining Vulnerability Management with Splunk Phantom

Vulnerabilities are weaknesses in the security infrastructure that bad actors can exploit to gain unauthorized access to a private network. It is nearly impossible for security analysts to patch 100% of the vulnerabilities identified on any given day, but a vulnerability management plan can ensure that the highest risk vulnerabilities (those that are most likely to cause a data breach), will be addressed immediately.


The Ultimate Guide To OWASP Security Checks for Web and Mobile Apps

When you are looking for genuine, inexpensive unbiased information to make your application secure, there is no better source to go to than OWASP. OWASP gives you guidelines to the industry's top threats and security best practices that help ensure your applications are secured. Take a look at this FREE OWASP Guide that covers vulnerabilities from both web and mobile to give you a comprehensive overview of your application's security status.

Bridging the Cybersecurity frontier: SaaS

Software as a service (SaaS) is one of the most important parts of the modern digital business. Unfortunately, when it comes to cybercrime, it can also be one of the weakest. The Cybersecurity newsletter, The Hacker News, have highlighted this in detail, noting interest from across the digital industry in addressing the holes created by misconfigured SaaS setups.


A Full Rainbow of Protection: Tripwire Is More than 'Just FIM'

Imagine an arc. Not just any arc. A rainbow. When we think of a rainbow, it conjures impressions of color, inspiration and even supernatural characteristics. Does your cybersecurity program long for a magical pot of gold at the end of a rainbow? With all the moving parts of cybersecurity, sometimes it seems like we are merely chasing rainbows. However, it doesn’t have to be that way.


Active Directory Auditing Guidelines

Active Directory and AD Group Policy are foundational elements of any Microsoft Windows environment because of the critical role they play in account management, authentication, authorization, access management and operations. Accordingly, proper Active Directory auditing is essential for both cybersecurity and regulatory compliance.


What is Social Engineering? Examples and 12 Prevention tips

Social Engineering, in the context of cybersecurity, is the use of deception to convince individuals into relinquishing their personal information online. This information is then exploited in cyberattacks. Most social engineering campaigns target employees because they could be manipulated into gateways to an organization’s sensitive data. The success of these campaigns relies on a lack of cybersecurity awareness training in the workplace.


Critical Pulse Connect Secure SSL VPN Vulnerability Exploited

In yet another example of VPN appliance vulnerabilities being actively exploited by threat actors, 20 April 2021 saw the publication of a critical Pulse Connect Secure (PCS) SSL VPN appliance vulnerability, CVE-2021-22893, allowing an authentication bypass that leads to an unauthenticated threat actor gaining the ability to remotely execute arbitrary code on a PCS gateway.


Calling All Threat Hunters - Mobile Malware To Look Out For in 2021

Mobile devices have become more ingrained in daily working patterns. We’ve all picked up IMs on our phones, taken Zoom calls, and maybe looked at a customer record on a nearby device. In a typical organization today, 60% of devices containing or accessing enterprise data are mobile. So it’s essential organizations get up to speed on mobile security to defend against threats like mobile malware and better protect data.


Announcing the Snyk Team plan: Secure development for teams

Today we’re excited to announce a new product tier—Snyk Team—designed to help development teams empower themselves to build applications securely, together! No development team wants to write an application that gets hacked—but many don’t have the skills or budget to use the application security tools currently offered in the market.


Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)

To immediately see how to find potential vulnerabilities or exploits in your Pulse Connect Secure appliance, skip down to the "Identifying, Monitoring and Hunting with Splunk" section. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.


MITRE Engenuity ATT&CK Round 3: Carbanak + FIN7 vs. the free and open capabilities in Elastic Security

Whether this is the third time you are looking at the MITRE Engenuity ATT&CK® evaluation results or your first, you may be asking yourself: what was unique about this year’s evaluation? Well, let’s first start with: who is MITRE Engenuity? They are a tech foundation that collaborates with the private sector on many initiatives — most notably cybersecurity — and in recent years have become synonymous with cyber threat evaluations.


Cloud SIEM accelerates modernizing security operations across Asia Pacific

Security operations is now a critical business function tasked with securing digital transformation initiatives, to effectively mitigate evolving attacks and expanding attack surfaces, handle complexity and tool proliferation while teams are continuing to be virtual and distributed.

Adopting a cloud first strategy for modernizing security operations

In this session, Scott Crawford, Research Director with 451 Research, a part of S&P Global Market Intelligence, highlights research on how enterprises are responding to digital transformation. In addition, Girish Bhat, VP with Sumo Logic offers insights for security practitioners on how a ‘cloud first’ approach supports digital transformation, IT rebuild projects and application modernization.

Is safe collaboration the key to combating CAD cybercrime?

Cybercrime and cybersecurity challenges have escalated during the Covid-19 crisis, particularly in the manufacturing and design industry. The pandemic has also led to an increase in remote working style creating a wide attack surface. With no time to implement safety security measures to prevent breaches and attacks, no organization is entirely immune or safe. Another cause of concern for the manufacturing and design industry is the upsurge in external partners and suppliers.


Best practices for businesses to stay safe online this tax season

It’s tax time again. Typically, the deadline for federal tax filing in the United States is April 15, but this year the deadline has been extended to May 17, 2021. However, if you think your business will be receiving a refund, the IRS encourages you to file as early as possible. Filing taxes can be stressful. Adding to the potential stress is the increasing tax scams out there and the ongoing battle to keep your company data protected and secure.


What in the World Is a CISO?

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message effectively. Additionally, it enables me to find positions that I might not have originally considered. One position I think more people should be aware of is a CISO.


Just What The Cyber Doctors Ordered - OT For Pharmaceutical Companies

Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News.


Complying with HIPAA Breach Notification Rules

Learn all about the HIPAA breach notification rules and how you can best protect your business by being ready to comply with anticipated 2021 HIPAA breach notification rules. The HIPAA (Health Insurance Portability and Accountability Act) breach notification rules spell out how hospital systems, physicians, and other healthcare providers must notify their patients, as well as the U.S.


How to Think About Gartner's Strategic Roadmap for SASE Convergence

Gartner recently published the 2021 Strategic Roadmap for SASE Convergence, outlining key challenges that are driving shifts to Secure Access Services Edge (SASE) architecture. Not surprisingly, chief among these challenges are consistency, simplicity, transparency, and efficacy—all of which a properly implemented SASE architecture is positioned to solve. But knowing what the challenges are, how do we then get to SASE? Has your journey already started? What are the right moves?


Cloud Threats Memo: Malicious Campaigns Taking Advantage of Well-known Collaboration Apps

BazarLoader is a malicious dropper used in multiple campaigns, including the massive wave of attacks targeting US Hospitals with the Ryuk ransomware during October 2020. The primary purpose of BazarLoader is to download and execute additional malware payloads, and one of the key characteristics is its delivery mechanism, which exploits legitimate cloud services like Google Docs to host the malicious payload.


Urgent: 5 CVEs being exploited right now by SVR

The mastermind that orchestrated the SolarWinds attack may finally have a name. On Thursday, April 15th, the White House officially announced that the Russian Foreign Intelligence Service (SVR) - also known as APT 29, Cozy Bear, and The Dukes - was responsible for the campaign that exploited the SolarWinds Orion platform. But the attacks are not over yet. A joint advisory from the U.S.


Assessing the state of mobile application security through the lens of COVID-19

Are today’s mobile apps secure or do they offer opportunities for attackers? Learn about the state of mobile application security in our new report. Synopsys recently released a report, “Peril in a Pandemic: The State of Mobile Application Security,” produced by its Cybersecurity Research Center (CyRC), examining the state of mobile application security during the COVID-19 pandemic.


The K8s network (security) effect

Around 20 years ago I had the privilege of joining a young company that invented the Firewall – Check Point. I learned most of my networking knowledge and skills at Check Point and, at that time, I was involved in the high end, rapidly evolving internet. This might be the reason why I truly believe that network security must be a layer in the overall security strategy. A few years ago, I came back to Check Point as a cloud security product manager.


Welcome to WhiteSource, Diffend!

Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of WhiteSource. At WhiteSource we believe that open source risk management is a pillar of software supply chain security, and Diffend helps us extend our capabilities in this area. While 99.999% of open source releases may be safe, our customers trust us to help identify the ones that could do harm and should be avoided.


What is SOAR?

If an individual wants to acquire information about cyber security, or cyber security tools in general, coming across SOAR is inevitable. Since the SOAR abbreviation is all over the place, the importance of it is also easy to recognize. What makes SOAR crucial for cyber security then? In order to answer this question, the full name of the tool should be addressed. SOAR stands for** Security Orchestration Automation and Response**.


Practical Guide For SIEM And Active Directory

Active Directory is a popular technology used in many organizations to handle their user management, authentication and authorization. The fact that it’s so dominant and so central to the IT infrastructure makes it a key component for security monitoring. It’s also a popular target for malicious actors, as compromising Active Directory accounts gives them access to many resources.


Customer experience- The ultimate game changer in digital onboarding

Companies have been on a digital-first trajectory for years now, which spurred in the wake of COVID 19. A lot of companies had to bear the brunt of this catastrophe, and a lot of them survived grasping the straws of digital transformation. But the real winners of this re-ordering were the once who got an inkling that transforming digitally was just a pre-requisite, it is the ‘Customer Experience’ which will keep the ball rolling.


Snyk Maven plugin: Integrated security vulnerability scanning for developers

Maven is the most commonly used build system in the Java ecosystem, and it has been for many years. Building your application with Maven is easy since it takes care of many things for you. In different phases of the Maven lifecycle, it handles things like: With Maven, the development lifecycle happens the same way on every machine for every developer on the team, as well as within the CI pipeline.


Hosting and Archiving eTMFs in Egnyte for Life Sciences

The latest survey data on electronic trial master file (eTMF) usage is from 2018 and puts adoption at 75%. It is no mystery why eTMFs are so popular, they make it easier to track progress, provide more control over a “single source of truth”, and enable better/faster data sharing options than a paper-based process. Digitization is listed as one of the top investments by biotech companies after the pandemic interrupted most in-person study activities.


Elevate Your Cloud Security Posture with Splunk and Google Cloud

It’s more critical than ever to secure your company data and protect your workloads in the cloud. This blog post is a roundup of the latest technical resources and product capabilities by both Google Cloud and Splunk to enhance your threat prevention, detection, and response techniques, regardless of where you are in your business-transforming cloud journey.


How attackers abuse Access Token Manipulation (ATT&CK T1134)

In our previous blog post on Windows access tokens for security practitioners, we covered: Having covered some of the key concepts in Windows security, we will now build on this knowledge and start to look at how attackers can abuse legitimate Windows functionality to move laterally and compromise Active Directory domains. This blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) where possible.


Training, Accountability and Assessment: Three Priorities for Raising Privacy Awareness Within Your Team

Employees, contractors, and vendors have unparalleled access to company data, requiring careful adherence to data privacy best practices to secure personal information. Unfortunately, many employees are either unaware of these practices or are unwilling (or forgetful) to regularly implement them into their workflows.


How to detect EC2 Serial Console enabled

Recently, Amazon AWS introduced the new feature EC2 Serial Console for instances using Nitro System. It provides a simple and secure way to perform troubleshooting by establishing a connection to the serial port of an instance. Even though this feature is useful in case of break glass situations, from a security perspective, it could be used by adversaries to gain access through an unguarded secondary entrance.

Featured Post

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Today's organisations are operating in a digital landscape filled with complexities and vulnerabilities. Increasingly, the applications and technologies businesses use to facilitate crucial business operations and connect people are at the mercy of cybercriminals - who are eager to attack from the shadows exploiting and stealing sensitive information held within these everyday applications. As such, security and DevOps teams need a collaborative approach to address and triage application vulnerabilities that continually present themselves - despite each team having different overall objectives.

Introducing AT&T's Managed Endpoint Security with SentinelOne

With 5G, edge solutions, and digital transformation all around us, every enterprise should be taking a closer look at their endpoint security and evaluate options that will be able to keep pace with this dynamic new environment.The newly introduced AT&T Managed Endpoint Security with SentinelOne™ offer brings world class managed services with comprehensive endpoint security.


6 Cybersecurity Tips for Working from Home

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed to pant sales.


CL0P Ransomware

Responsible for a number of infamous 'big game hunter' ransomware attacks and believed active since at least 2019, the ransomware threat group dubbed 'CL0P' is thought to be a Russian-language cybercriminal gang and have been widely reported as associated with, or their malware adopted by, other cybercriminal groups including 'FIN11', a part of the larger financially-motivated 'TA505' group, and 'UNC2546'.

Red teaming vs pentesting - What is the difference and impact on your cyber security strategy

Learn about:
+ What is Red Teaming?
+ Business Benefits of Red Teaming
+ Red Teaming Methodology
+ Common Terms & Acronyms
+ What is Penetration Testing?
+ Business Benefits of Penetration Testing
+ Pentesting Methodology
+ When should you consider a red team assessment?
+ When you are asking for a ‘red team’ and don’t need one.
+ When you are asking for a ‘pen test’ and don’t need one.


DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle

You’ve heard of DevOps. And by now, you’ve probably also heard of DevSecOps, which extends DevOps principles into the realm of security. In DevSecOps, security breaks out of its “silo” and becomes a core part of the DevOps lifecycle. That, at least, is the theory behind DevSecOps. What’s often more challenging for developers to figure out is how to apply DevSecOps in practice. Which tools and processes actually operationalize DevSecOps?


6 Failures to Avoid with SIEM Tools At All Costs

Enterprises lose $4.7 million to cybercriminals annually. Worse, the percentage of enterprises suffering from cybercriminals’ attack tactics increased from 57 percent to 71 percent in 2020. Furthermore, 56% of IT practitioners say their IT security infrastructure has coverage gaps. This is frequently due to legacy SIEM systems that are unable to scale with enterprise networks.


Lookout Partners with Telkomsel to Deliver Mobile Device and Application Security

Mobile devices and mobile apps have become a primary way for most of us to get work done and manage our lives. This is why I’m excited that Telkomsel has partnered with Lookout to launch Telkomsel Mobile Endpoint Protection (MEP) and Telkomsel Mobile App Protection (MAP). These solutions are powered by the cloud-delivered Lookout Security Graph.


Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.


Agentless Monitoring with Tripwire Enterprise: What You Need to Know

As we know, Tripwire Enterprise (TE) is the de-facto go-to solution for File Integrity Monitoring (FIM). In normal operations, we deploy a TE agent to a system we want to monitor. TE then uses that agent to baseline the system against the appropriate rules, creating a known good state for that system. Moving forward, that system is monitored for change per the rules that were used to create the baseline.


Operation panopticon: How a weak IAM strategy led to the security camera hack across organizations

On March 9, 2021, Verkada, a software company that specializes in making security cameras for monitoring physical access control, was subject to a security hack. Hackers gained access to the video feed of at least 15 thousand cameras deployed across various locations and exposed the inner workings of hospitals, clinics, and mental health institutions; banks; police departments; prisons; schools; and companies like Tesla and Cloudflare.


Considerations for performing IoMT Risk Assessments

Internet of Medical Things (IoMT) products refer to a combination of medical applications and devices connected to healthcare information technology systems through an online computer network or a wireless network. IoMT devices rely heavily on biosensors, critical in detecting an individual's tissue, respiratory, and blood characteristics. Non-bio sensors are also used to measure other patient characteristics such as heart and muscle electrical activity, motion, and body temperature.


The impact of credential stuffing on credit unions

According to Netacea’s latest research ‘The Bot Management Review: the challenge of high awareness and limited understanding’, 95% of financial services surveyed stated that they had experienced a bot attack over the past two years. Since financial services often store highly sensitive and personal information, it is essential that the security measures that they have in place can detect even the most sophisticated of bots.


How to Manage Your Digital Risk in 2021

Though digital transformation is necessary, it's accompanied by some serious risks. This is the scaling conundrum of 2021 - organizations must embrace digitization to remain relevant, however, the greater the digital transformation, the greater the associated digital risks. Thankfully, with the correct digital risk management, organizations can continue to safely embrace digital transformation while mitigating the byproduct of digital risks.


The 411 on Stack Overflow and open source license compliance

Many of the third-party components we find in audits have been pulled in their entirety from public software repositories (with GitHub being the most popular these days). But with some frequency we also come across snippets—lines of code that have been copied and pasted into source code. They might be a piece of a GitHub project, but they may also have been taken from a blog site like Stack Overflow or CodeGuru.


What is cyber security architecture? Elements, purpose and benefits

The principles of cyber security architecture are indeed similar to IT architecture. Networks are only going to expand, technology is going to evolve, and one constant question on every organisation’s mind is “How to ensure the protection of our assets?”. This concern is further heightened in companies whose services are mainly digitised, accounting for over 60% of UK businesses.


The First Step to Achieving DevSecOps Is Shifting Security Culture Left

To achieve DevSecOps you need to shift security left. Sounds simple, right? Well, it’s easier said than done. A recent survey conducted by SANS Institute found that 74 percent of organizations are deploying software changes more than once per month – an increase in velocity of nearly 14 percent over the past four years. To release software monthly, weekly, or even daily, security has to be integrated into the development process, not tacked on at the end.


Identity Phishing Scam uses WhatsApp and Telegram to target Australian diplomats

A sophisticated identity theft scam was used to attack Australia’s Senior Diplomats last week. Cybercriminals often repurpose tactics and tools against other organizations, for example, the techniques used by Hafnium were replicated by other groups to hack 60,000 organizations. Organizations should take steps now to prevent themselves from being impacted by a similar identity phishing scam.

LogSentinel SIEM Implementation Guide

Implementation is the hardest part of getting value out of a #SIEM. It often involves a chaotic onboarding process, approvals from multiple departments, back-and-forth communication about permissions and integrations.LogSentinel SIEM provides templated implementation to streamline the process.LogSentinel SIEM can collect data from everywhere. The lists below include only the most popular vendors and products, but because of the flexibility of our collector, we can collect anything that generates logs.

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.


White House launches plan to protect US critical infrastructure against cyber attacks

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North Korea, and China.


A quick round up of privacy highlights for Q1 of 2021

As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone. Undoubtedly a hot topic, it seemed anyone with an idea for a privacy bill put it in writing and introduced it to their legislature.


Securing the IoT tsunami

The Internet of Things (IoT) is a reality. Gartner forecasts 25 billion IoT devices by 2021, and other industry sources and analysts predict even larger numbers. Although projections of unprecedented growth are ubiquitous among industry pundits, the efforts to secure this tsunami of connected devices are in their infancy. The IoT is still relatively new, so it lacks regulations that mandate security.


How often should you perform vulnerability scanning? Best practices shared

To understand how often vulnerability scanning should be performed, it’s important to delve into the drivers behind this objective. Vulnerability management includes the treatment of risks identified during the vulnerability assessments. This is a vital element of the risk management regime for any organisation. Without making informed choices around risk appetite, an organisation may not get the best out of a vulnerability management programme.


The Zero Trust lesson behind mobile phishing against Australian officials

Australia recently confirmed that a series of mobile phishing attacks were successfully executed on senior officials. According to The Sydney Morning Herald, the targets – which included Australia’s finance minister, health minister and ambassador to the U.S. – were sent messages asking them to validate new WhatsApp or Telegram accounts.


What I Wish I Knew About U2F and Other Hardware MFA Protocols

Teleport has supported multi-factor authentication (MFA) for a while now, via Authenticator Apps (TOTP) and Hardware Tokens (U2F) such as YubiKeys. But this support was pretty limited: you could only choose one MFA protocol and users could only register one device. If a user lost their device, they would be locked out and need an account reset by the administrator. So, for Teleport 6.0, we’ve reimplemented the MFA support to make it more flexible.


5 OPA Deployment Performance Models for Microservices

If you’re responsible for a microservices app, you may be familiar with the idea of a “latency budget.” This is the maximum latency, measured as total request time, that you need for the app to work, in order to meet your SLAs and keep stakeholders happy. For a stock trading or financial services app, this budget might be the barest of microseconds.

Kubernetes Quick Hits: SecurityContext and why not to run as root

In this, the first of our series of our Kubernetes Quick Hits videos, Eric Smalling–Sr. In less than five minutes, you understand why you need to *not* run your containers as root and what to do about it if you are. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Secure Coding with IntelliJ

How can I do security in IntelliJ? Is there a security code scanner for IntelliJ? How can I test for security in Java? Is there a Snyk plug-in for IntelliJ? Make sure to subscribe so you don't miss new content! We know that IntelliJ IDEA is the most favorite and commonly used IDE in the Java landscape and a lot of developers practically live in their integrated development environment (IDE). A good IDE is like a swiss army knife; it is your go-to tool to do almost everything. Let’s see how we can integrate security and secure development into IntelliJ IDEA using this new Snyk plugin.

Top CVE List for Q1 2021: CloudPassage Vulnerability Report

The Threat Intelligence team at CloudPassage is in a continuous ARR (Anticipate, Research, Respond) loop. Our Real-Time Vulnerability Alerting Engine harnesses public data and applies proprietary data analytics to cut through the noise and get real-time alerts for highly seismic cloud vulnerability exposures and misconfigurations—making vulnerability fatigue a thing of the past. Since its first launch at BSidesSF we have made enormous improvements in our real-time vulnerability alerting engine.


Phishing towards failed trust

Phishing exercises are an important tool towards promoting security awareness in an organization. Phishing is effective, simply because it works. However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test. Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.


Securing Your Supply Chain with CIS and Tripwire

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primary reasons. First, it reached the level of mainstream news. The majority of breaches stay mostly in the industry press.

outpost 24

Debunking the web application attack surface for Credit Unions

Financial services are big targets for cybercrime. As the world shifts from physical to online, credit unions are doubling down on web applications to improve access and ensure vital financial services for their members. But with that comes greater security risks. In this benchmark study, we analyze the Top US Credit Unions with our attack surface analysis tool to highlight security weaknesses they should watch out for.


[Infographics] Compliance Landscape 2021

Organizations are recognizing that data security compliance is a foundational element of any successful business. The demand for compliance officers, IT security professionals and data protection officers is growing; spending on compliance programs is increasing; and businesses are treating compliance as a key part of their overall strategy. Some compliance teams are still struggling to secure the resources and personnel needed to build a robust and proactive compliance program.


Why should businesses move from a bundler to a bot expert?

Traditionally, when selecting a bot management solution, businesses have chosen a multi-purpose security bundle bolted on to a content delivery network (CDN), typically a product such as an Akamai or CloudFlare CDN. While bolt-on bot solutions have their benefits, they lack the comprehensive feature set needed to combat the ever-growing bot threat.


Notable Takeaways from the Verizon Mobile Security Index 2021

Netskope is proud to have contributed once again to Verizon’s annual Mobile Security Index —one of the most influential reports in the industry for evaluating mobile security trends. This report is based on a survey of hundreds of professionals responsible for buying, managing, and securing mobile and IoT devices.


Netskope Threat Coverage: EtterSilent

Intel 471 researchers have identified a new malicious document builder, dubbed “EtterSilent,” leveraged by various threat actor groups. One of the build options is a weaponized Microsoft Office document (maldoc) that uses malicious macros to download and execute an externally hosted payload. The maldocs pose as templates for DocuSign, a cloud-based electronic signature service.

Insider Threats in Cyber Security : Types, Examples and Detection Indicators

Learn about insider threats that are amongst the top security threats to organisations. + What are insider threats in cyber security? + What types of insider threats are there? + What are the famous examples of insider threats? + What are the consequences of such threats? + How can insider threats be detected? + How to address insider threats?

All About WhiteSource's 2021 Open Source Security Vulnerabilities Report

It’s that time of year again: WhiteSource’s annual State of Open Source Security Vulnerabilities for 2021 is here. Once again, when 2020 came to a close, our research team took a deep dive into the WhiteSource database to learn what’s new and what stayed the same in the ever-evolving world of open source security.


New Styra DAS Compliance Packs Foster Collaboration Across Teams

Bridging the gap between Security, Compliance and DevOps teams can be a challenging cultural shift to address. DevOps teams are eager to get software out faster and more efficiently, yet security best practices, like policy-as-code, need to be integrated from the outset to streamline the development process in this new cloud-native world.


Snyk @ Snyk: Enabling Kubernetes RBAC for Snyk's Developers

As Uncle Ben once said, “With great power comes great responsibility.” This is also true of the Kubernetes API. It is very powerful, and you can build amazing things on top of it, but it comes with a price—a malicious user can also use the API to do bad things. Enter Kubernetes RBAC (role based access control), which enables you to use the API in a controlled manner by granting only required privileges needed, following least privilege principle.


New Solutions for Greater Insights and Security Across M365

By the end of 2020, Microsoft 365 was used by more than one million companies worldwide. And for good reason. With the move to remote work, applications like Word and Excel, Teams, OneDrive and SharePoint, provided businesses with a familiar, easy to access, and easy to use productivity suite – all available in the cloud.


Pandemic sees organisations of all sizes and industries invest in CTI

After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI). The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI.


Advanced mobile protection through the AlienApp for MobileIron

Companies of all sizes need clear and cohesive security visibility over every aspect of their organization. As data and assets are trending to mobile, it’s critical to be equipped with the right tools to gain insights on mobile devices and users on the endpoints and mitigate threats whenever needed.


10 Must-Ask Questions When Choosing a SOAR Solution in 2021

The adoption of security orchestration, automation and response (SOAR) platforms has grown significantly in recent years. Countless end-user and service provider security operations teams are leveraging SOAR to address the most common security operations challenges – too many disparate technologies, alert overload, limited staff and manual processes.


Cloud Threats Memo: LinkedIn Spearphishing and Malware-as-a-Service

‘More_eggs’ is a backdoor sold as a “malware-as-a-service” (MaaS) by a threat group known as “Golden Chickens” and predominantly used by three criminal groups: FIN6, Cobalt Group, and Evilnum. In the latest campaign, unearthed by researchers from eSentire and targeting a professional working in the healthcare technology industry, a threat actor is exploiting fake job offers on LinkedIn to deploy the ‘More_eggs’ backdoor on the victim’s machine.


Insider Threat Awareness: What Is It, Why Does It Matter, and How Can You Improve It?

A low level of insider threat awareness among employees can cause all sorts of cybersecurity issues: user negligence and risky behavior resulting in cybersecurity incidents, non-compliance with critical regulations and industry standards, etc. Installing new software and establishing stricter rules can’t always protect an organization from these threats. Raising the cybersecurity awareness level, on the other hand, can.


Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings

You’ve seen those iconic blue containers filled with everything from cars to TVs and stamped with the Maersk logo countless times on ships docked at ports around the world. But have you ever thought about what it takes to orchestrate the movement of that cargo?


What the 2021 OSSRA report tells us about the state of open source in commercial software

The 2021 “Open Source Security and Risk Analysis” (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,500 audits of commercial codebases, performed by the Black Duck® Audit Services team. This is the sixth edition of the annual report on the state of open source security and license compliance.

OWASP Top 10 API security vulnerabilities | API security risks

OWASP API security top 10 is an API security project that focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Through community-led projects globally, it is a great source for tools, resources, education & training for developers and technologists to secure the web and mobile applications. This community has also produced some of the best testing guides, cheat sheets, methodologies and a lot of community work for which all of us are grateful.

The Biggest Breaches and Data Leaks of 2020

Year after year, cyberattackers cause unnecessary stress for organizations, disrupting innovation and impacting profit. 2020 was no different – last year brought a bevy of damaging breaches that cost organizations precious money and time they couldn’t get back. Ranging from thousands to billions of records exposed, breaches big and small gave threat actors access to sensitive information like email addresses, locations, passwords, dates of birth, and more.


5 Ways Your Cryptocurrency May be Hacked

Over time technologies evolved and now things that seemed to be not possible several years ago become the reality. Now you can order food, services, and basically anything you need online, and pay for it without leaving home. No surprise here, that cash payments are becoming a relic of the past. Along with wireless payments like Google or Apple pay (that still require assigning a banking account or card i.e. physical currency), the cryptocurrencies like Bitcoin are getting widely used.


How SAML 2.0 Authentication Works?

Security Assertion Markup Language (SAML) 2.0 is one of the most widely used open standard for authentication and authorizing between multiple parties. It’s one of the protocol that give users the single sign-on (SSO) experience for applications. The other adopted open standard is OAuth and OpenID. Of the two, SAML 2.0, released in 2005, remains the 800 pound gorilla in Enterprise SSO space. This post provides a detailed introduction on how SAML works

xona systems

Taking an IT-Focused Approach to Securing OT Remote Operations at Municipal Utilities May be Risking Lives

The Oldsmar, Florida, water breach is two months behind us, but the lessons learned will continue to reverberate for thousands of budget-constrained municipal utilities in North America, as well as other regions across the world.


Endpoint Security Data Collection Strategy: Splunk UF, uberAgent, or Sysmon?

Many threats originate from the endpoint and detecting them requires insights into what happens on the endpoint. In this post we look at different endpoint activity data sources, comparing the benefits and capabilities of Splunk Universal Forwarder with vast limits uberAgent and homegrown solutions.


Cybersecurity, Compliance And Productivity: Three Critical Priorities When Launching A New Company In Uncertain Times

Some of the most iconic brands started during crises. As documented in an Entrepreneur article, the Hyatt hotel franchise launched during the 1957-1958 economic recession. Microsoft was founded during the oil embargo in the mid-1970s, and several prominent tech brands, including Uber and Airbnb, were created during the Great Recession. For today’s entrepreneurs, the lesson is simple: Don’t let these uniquely disruptive times deter innovation. Many are already embracing this mindset.


Unveil hidden malicious processes with Falco in cloud-native environments

Detecting malicious processes is already complicated in cloud-native environments, as without the proper tools they are black boxes. It becomes even more complicated if those malicious processes are hidden. A malware using open source tools to evade detection has been reported. The open source project used by the malware is libprocesshider, a tool created by Sysdig’s former chief architect Gianluca.


Netacea's Bot Mitigation Now Available on Salesforce Commerce Cloud

Manchester, 25th March 2021 – Netacea, a bot detection and mitigation specialist, has made its services available through Salesforce Commerce Cloud. Users of the SaaS eCommerce platform will be able to quickly integrate Netacea’s technology and protect against malicious bots. Commerce Cloud is Salesforce’s platform for B2B and B2C commerce, empowering brands to create enhanced shopping experiences across all channels.


What is a ROPA, why you need one, and how to make the process easier.

Working toward GDPR compliance means taking inventory on the data you collect and process. You've mapped your data, have a catalog of impact assessments, but now you need a way to present it in a way that regulators can look over. As far as the general data protection regulation (GDPR) is concerned, every piece of data processing you do needs a record, and those records are stored in a record of processing activities (ROPA). Regulators use a ROPA to get a full picture of your data processing.


Neil Daswani talks about his big breaches book and the BSIMM

Dr. Neil Daswani, codirector of the Stanford Advanced Security Certification Program, is coauthor with Moudy Elbayadi of “Big Breaches: Cybersecurity Lessons for Everyone,” released last month by APress. He is also president of Daswani Enterprises, his security consulting and training firm.


What is the Principle of Least Privilege?

Here is a simple illustration of how the principle of least privilege works. Remember when you installed Whatsapp? You most likely got a prompt asking you to click “Allow” so the app could access your media, run in the background, or manage contacts. In that instance, you were extending privileged access to the application, so it runs effectively for you.


Data Privacy Update: Virginia Consumer Data Protection Act (VCDPA) in global context

And so it continues. Last month, Virginia passed its own privacy law, the Virginia Consumer Data Protection Act (VCDPA), adding fuel to the fire over a US federal privacy law, and introducing new complexities for businesses operating in or addressing the US market. It will take effect on January 1, 2023 (the same day as California’s CPRA which amends the current CCPA) and was passed in record-breaking time: less than two months, and by an overwhelming majority.


What is a Data Protection Officer (DPO)?

A data protection officer (DPO) is an employee or contractor hired to oversee a company’s data protection strategy and ensure compliance with the General Data Protection Regulation (GDPR). The role was introduced in 2018 to promote compliance with the new laws governing how the personal data of EU citizens is handled. All public authorities are required to appoint a data protection officer to comply with GDPR.


Detectify Security Updates for 12 April

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


DevSecOps and the Cloud: How Leaning on Your Cloud Provider Can Help You Shift Left

Over the past several years, an increasing amount of organizations have been moving their applications from on-premises to cloud-hosted platforms. And with the current pandemic forcing most businesses to adopt a fully remote work environment, the cloud is even more appealing. Gartner reported that cloud spend rose by double digits in 2020, and it’s expected to continue to grow by 18.4 percent in 2021.


Democratizing security: The next step in Sqreen's journey

Everything started in 2015, when Jb and I left Apple to co-found Sqreen, with a singular vision to democratize security. Our belief then, as it is now, is that a strong security posture can only exist when security is infused across the software development lifecycle; when it is not just the concern of security teams, but of developers and operations teams as well.


Product Update: IDcentrals document verification is now better than ever!

OCR is a perfect example of ‘Technology’ making human life easier. Identifying information from uploaded documents and extracting information was not as easy as it seems now. It involved a lot of manual intervention and possibilities of mistakes. Therefore, global industries are using OCR based document verification solutions to fill gaps or loopholes in manual processes.


The Sisyphean Task of Vulnerability Remediation

Here are five steps to help ease the burden Security teams are struggling to keep up with the pace of change in modern environments. More than 18,000 vulnerabilities disclosed in 2020 alone with an average mean time to patch of 60 to 150 days. On top of that, recent developments in DevOps enable developers to push code on demand and launch instances in cloud environments as often as the business needs.


Python language support now beta in Snyk Code

Snyk Code now offers beta support for Python 2.x and 3.x projects. You do not have to install or update anything since we added the support to the backend engine and it is available instantly to be used. When a repository is scanned, you will see Python beta results showing up. If you cannot wait for a scheduled rescan, you can manually trigger a scan.


CloudCasa Now Supports Data Protection for Amazon RDS

The choice for persistent storage for your cloud native applications depends on many factors including how your cloud journey started and whether your applications were migrated or developed for the cloud. Also, depending on how early you started using containers and migrated to Kubernetes, your distribution or managed service may not have offered the persistent data services you needed.

Assessing the cybersecurity landscape

In the latest installment of the ManageEngine Insights' podcast, enterprise analyst John Donegan sits down with Andy Bates, the executive director of the Global Cyber Alliance. An expert in the field of cybersecurity, Bates discusses current IT security trends, attack vectors, crime deterrents, and other emerging issues, such as biometrics and blockchain technologies. Bates also addresses user psychology as it relates to IT security, as well as some of the silver linings of the COVID pandemic.

How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign.


Heroku Security: Securing your Heroku application

I’m guessing you’re here because you’ve got an application up on Heroku, and you’re wondering what steps you need to take to keep it secure. If so, then awesome—you’re in the right place. In this post, we’re going to be talking about securing applications on Heroku. We’ll first consider how we should think about security on a platform as a service (PaaS) like Heroku.


The Most Common Corporate Cybersecurity Risks

“Corporate cybersecurity” refers to the tactics and methodologies that organizations use to safeguard sensitive data, prevent unauthorized access to information systems, and protect themselves from cyber attacks such as malware or ransomware attacks, trojan viruses, social engineering or phishing email, endpoint breaches, and so forth. Cybercrime can be catastrophic for small businesses, but even large enterprises don’t have the luxury of taking cybersecurity for granted.


Streaming data with Amazon Kinesis

At Sqreen we use Amazon Kinesis service to process data from our agents in near real-time. This kind of processing became recently popular with the appearance of general use platforms that support it (such as Apache Kafka). Since these platforms deal with the stream of data, such processing is commonly called the “stream processing”. It’s a departure from the old model of analytics that ran the analysis in batches (hence its name “batch processing”) rather than online.


The difference between SASE and Zero Trust

Customers often ask me: What is the difference between Zero Trust and SASE? My answer is almost always the same: Nothing….and, everything. Both have taken the industry by storm over the last couple of years, and even more so with the security and access demands on the business driven by the existing remote workforce, but both have different implementation approaches. It is important to understand, however, that one does not fully provide the other; in fact, they reinforce each other.


What is a cybersecurity strategy and how can your business develop one?

The number of users, devices, and resources on company networks is growing exponentially. With this expanding attack surface, a company’s assets, intellectual property, reputation, staff and customer data are all at risk. It’s no wonder cybersecurity has increased in prominence, with many organizations investing in more sophisticated technical solutions. But just because you have all the network security solutions in place, it would be unwise to get complacent about your security posture.


Is Your Business Ready For Life After Covid?

As we all prepare for a new life after Covid-19, more businesses than ever are looking at expanding their digital presence and making online their number one channel. Despite this, many are unaware and ill-prepared for the threats facing them as we all transition to a “new normal”. Thanks to the rollout of vaccines, the threat of Covid-19 is steadily diminishing and businesses are set to resume normal service.


Understanding IT Security

With cyber criminals operating around the world, it’s more important than ever that businesses start understanding IT security. Afterall, 86% of UK organisations expect cyber attacks to increase, and 33% of hacked companies admit to losing customers after a breach. As an individual, a business, or a government or a nation-state, IT security is something that should be taken seriously.


Everything you need to know about vulnerability scanning

With high-risk vulnerabilities popping up every other week, realising there is no such dream ‘patch everything’ and configuration changes slowly add up to weakening your infrastructure security. Vulnerability management and scanning are core components of a solid cyber security strategy, ensuring a sound risk management process. Vulnerability management helps an organisation keep an eye on their assets, both from asset management and operational security.


Modern application security requires speed, scale, and collaboration

Detectify is on a mission to make the Internet safer through automation and crowdsourced hacker knowledge. We recently published “A guide to modern web application security” for SaaS and tech organizations looking to bring their security up to speed with development. Download your free copy of the guide here. Organizations are shipping code daily, making it challenging for security teams to keep track of changes in the web application and keep up with new security threats.


Weekly Cyber Security News 09/04/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I think we are all aware of phishing email, and how they apply urgency and alarm to entice you to click on something you shouldn’t. Well, Deliveroo in France thought it would be a great April Fool’s wheeze produce fake receipts for their customers. Didn’t go down well….

Enhancing Event Log Analysis with EvtxEcmd using KAPE

How much time are you spending manually parsing and sorting event logs? With EvtxECmd, digital forensics professionals can optimize Windows event log analysis through its unique mapping feature. Created by Eric Zimmerman, EvtxECmd can be called via the EZParser module in KAPE (another tool created by Eric Zimmerman) to process thousands of events in seconds and create structured CSV files that are much easier to read and manipulate.

Securing cloud native applications: ActiveCampaign's VP, Information Security provides perspective

Cloud native has been a growing trend as organizations shift away from on-premise infrastructure and longer software release cycles towards a more iterative development approach using cloud-based tooling and infrastructure. While cloud native applications enable rapid deployments and greater scalability, this emerging software approach also introduces security challenges.

Splunk SOAR Playbooks: Azure New User Census

Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.

Digging Into the Third Zero-Day Chrome Flaw of 2021

Hidden deep in Google’s release notes for the new version of Chrome that shipped on March 1 is a fix for an “object lifecycle issue.” Or, for the less technically inclined, a major bug. Bugs like these have been common in Chrome, leading some to wonder whether the world’s most popular web browser is as safe as it could be? Google created Chrome as a secure browser and has loaded it with a growing set of security features along the way.


Redscan Q&A: Service Operations insights from Ashleigh Farrand

This commitment is highlighted by the results of our most recent customer survey, in which our company’s Net Promoter Score was distinguished as ‘great’ (63). We asked Ashleigh Farrand, our Head of Service Operations, to outline what’s involved in delivering a great customer experience and to tell us why she enjoys working in cyber security.


Understanding Crime-as-a-Service and How Organizations Can Best Protect Themselves

As of late, cyber threats have only grown in velocity and volume, with cybercriminals taking advantage of every new capability to grow and prosper. Couple that with a global pandemic and a sudden increase in remote working in the cloud, and you open the door to countless new vulnerabilities.


Malware Campaign Impersonating Large Retailers, Targeting Social Media Influencers

Over the last few weeks, Cyberint has witnessed an ongoing attack campaign targeting social media influencers, attempting to infect them with malware by impersonating large clothing retailers. The campaign targets influencers across multiple social media platforms but currently appears to mostly focus on influencers operating on YouTube. Further, although the infection process is not sophisticated, it is notable and appears to be evolving.


Integrating fuzzing into DevSecOps

Fuzzing helps detect unknown vulnerabilities before software is released. Learn when and where to integrate and automate fuzz testing in your SDLC. Fuzz testing is a highly effective technique for finding weaknesses in software. It’s performed by delivering malformed and unexpected inputs to target software while monitoring it to detect unwanted behavior and log failures.