August 2021


5 Reasons we're seeing more ransomware attacks than ever before

Cybersecurity specialists have noticed several troubling trends over the past year, ransomware being one of the most concerning. While this is far from a new issue, it’s now more common than ever before. Every month in Q2 2021 set a new record for ransomware attempts, contributing to a 151% year-over-year increase compared to 2020. Cybercrime has risen in the past year, but ransomware attacks are outpacing other forms.


Lookout Brings Mobile Cyber Threat Telemetry Dataset to Microsoft Azure Sentinel

I’m excited to announce that Lookout has extended its partnership with Microsoft to ensure our threat telemetry data is easily accessible via the Microsoft Azure Sentinel Security Information and Event Management (SIEM) solution. With this integration, Azure Sentinel users can leverage a rich mobile dataset within the Lookout Security Graph. When it comes to increasing productivity, we want to work smarter.


Learn Why Frost & Sullivan Names ThreatQuotient the XDR Competitive Strategy Leader

Extended Detection and Response (XDR) is the latest buzz word in the security industry and garnering significant attention. Industry analysts each have their own definition. Meanwhile, security vendors are quickly jumping on the bandwagon, recasting their products as XDR solutions. And it’s safe to assume many more will unveil XDR products in the months ahead.


Deterring ransomware for state and local government

According to FBI Director, Christopher Wray, when it comes to ransomware disruption and prevention, “...there’s a shared responsibility, not just across government agencies but across the private sector and even the average American.” At Elastic, we’re here to help state and local governments. Ransomware attacks cost the U.S. government more than $18.9 billion in 2020 alone.


Can you spot the bots hiding in rotating residential proxies?

On the countdown to a new release, every second counts to snap up those limited-edition new kicks or sought-after concert tickets. Online attackers know that when deploying bots to gain a competitive advantage, without masking their activity it’s a matter of time before their activity is blocked by the target eCommerce platform. Industries are becoming more and more alert to bots and their ever-increasing sophistication.


How Can Ekran System Protect You against Infected USB Devices?

While it’s difficult to imagine our modern business lives without mass storage devices, printers, scanners, and cameras, each USB connection can be a serious risk for an organization’s security. USB devices can be infected with malware that attacks your corporate system once a device is connected. Such attacks can result in the theft or compromise of sensitive data, damage to your infrastructure, or even damaged machines.


Do Banks Need to be PCI Compliant

Financial institutions are one of the most heavily regulated industries around, and for good reason. Access to the personal information and funds of their customers makes banks a popular target with hackers, and a dangerous location for a cybersecurity breach. With all of the regulations a bank needs to obey, it’s possible you may have overlooked the Payment Card Industry Data Security Standard, or PCI DSS.


Introduction to HSM - Hardware Security Modules

HSM stands for hardware security module. HSMs are hardware devices. They can be quite small and plugged into the main board of a computer, or they sit side by side in a server rack. They store sensitive data such as private keys. HSMs do not allow you to read that sensitive data back; instead, they expose only cryptographic operations like signing of certificates or encrypting data. This provides stronger protections for storing private keys compared to disks or databases.


Lookout Brings Mobile Cyber Threat Telemetry Dataset to Microsoft Azure Sentinel

I’m excited to announce that Lookout has extended its partnership with Microsoft to ensure our threat telemetry data is easily accessible via the Microsoft Azure Sentinel Security Information and Event Management (SIEM) solution. With this integration, Azure Sentinel users can leverage a rich mobile dataset within the Lookout Security Graph. When it comes to increasing productivity, we want to work smarter.


Break Up the IT Block Party: Facilitating Healthcare Collaboration

Healthcare organizations still seem to think that blocking all access to unapproved cloud storage or cloud collaboration tools means that they’re preventing leakage of sensitive information. But as the old saying goes, “Data flows like water.” Eventually, it’s going to find the holes and escape. Even if a healthcare IT system has water-tight data controls, that’s not the only goal within the organization—and not even the most important one.


Introducing the Blueprint of Modern Security Operations

Nowadays you don’t need to be reminded (but we will anyway) that between ransomware, phishing, supply-chain attacks and more, the threat landscape is organized, advanced and well funded. How are defenders responding? At a disadvantage. You are facing an attack surface ballooning from digital transformation and pandemic-induced remote workforce risks, a skills shortage not improving and disparate security systems that are uncooperative. The fight is not lost, thankfully.


Overcome the Security and Compliance Challenges in DevSecOps

Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It has changed the way that development teams think. As a result, continuously improving performance and delivering releases faster have become standard.


Healthcare Digital Ecosystems Hinge on Modern Identity

Healthcare is no longer confined to the doctor’s office, clinic, or hospital. Today, networks of health technologies power connected digital ecosystems that have transformed care. These ecosystems have been growing and evolving for years, yet the pandemic has proved them to be an essential lifeline and distinct competitive differentiator.


Video Conferencing Problems Faced by Directors and Administrators

“Where should I find the link to my next video conference? Did the administrator send it to my email?” A line like this resonates with the overlooked plights most directors and administrators have in this age of video conferencing. Because of the effects of the COVID-19 pandemic, these worries may not be a top priority of organizations. Though these video conferencing problems may be considered trivial, they cause significant nuisances if not promptly addressed.


Choosing the Best Hybrid Meeting Venue

As pandemic restrictions loosen globally, your organization may be leaning towards having a hybrid meeting to slowly ease back into having physical attendees, while still remaining compliant to health and safety protocols. Unlike virtual-only meetings, hybrid meetings have additional requirements such as a physical venue, and the need of state-of-the-art audio & video production equipment. Here is a checklist of the factors to consider when choosing the best hybrid meeting venue.


Appknox Webinar: Building Org-Wide Software Security Practices

Continuing on our exciting and informative webinar series, last week Appknox hosted a webinar on 'Building Org-Wide Software Security Practices'. Organized in association with Xoxoday, the leading technology platform helping businesses manage incentives, rewards, incentives and loyalty programs, I had an amazing discussion regarding various aspects of security when it comes to org-wide business initiatives and so much more with Mr Srivatsan Mohan (VP, Xoxoday).


Quantum threat to cryptography and how to overcome this

We are familiar with quantum computing; know that it enables devices to do computations at an utterly inconceivable rate. It facilitates incredible advancements in technology. Ironically, quantum systems can make modern impenetrable cryptography hackable within seconds. Currently, quantum computers pose a high threat to the cryptography that underlies the safety of crucial networks.


What is IoT Security? 6 Ways to Protect Your Devices

The Internet of Things (IoT) is a growing concern for today’s digitally-focused businesses. Every connected device you own can add another security concern to your list. If it collects and stores personal information and data, you’ve just added another attractive target for criminals to access your network. In fact, 57% of IoT devices are vulnerable to medium or high-severity attacks.

The emerging threat of the cyber pandemic and building a resilient PAM strategy

In this on-demand webinar, our security experts will delve into the emerging cyberthreat trends and core security frameworks, such as Zero Trust and the principle of least privilege (PoLP) to help build a sustainable, foolproof PAM program for your enterprise. In this on-demand webinar, our security experts will delve into the emerging cyberthreat trends and core security frameworks, such as Zero Trust and the principle of least privilege (PoLP) to help build a sustainable, foolproof PAM program for your enterprise.

Is Your Cyber Team Overwhelmed by System Alerts?

Your cybersecurity team walks into the office, and their day is instantly taken off the rails. They get an alert informing them that something on the network is acting suspiciously. It isn’t necessarily a threat, but they don’t have the tools to know for sure. After looking into it, they learn that a SaaS provider for one of their departments delivered an update that caused a service degradation. Thankfully, it isn’t an attack.


Sysdig and Apolicy: Automating cloud and Kubernetes security with IaC security and auto-remediation

Today, Sysdig has completed the acquisition of Apolicy to enable our customers to secure their infrastructure as code. I am very pleased to see the Apolicy team become part of the Sysdig family, bringing rich security DNA to our company.


Five Reasons Why Speed is Important in Cybersecurity

Usually, when it comes to cybersecurity spending, people tend to try to calculate risk, savings on breach costs, compliance gaps, reputation costs. Those are all very relevant, but it turns out that for the business, one of the most important aspects of cybersecurity is speed. Below are five different aspects of speed by which a cybersecurity solution (e.g. a SIEM) should be evaluated.


AppSec Decoded: Key findings from the 2021 OSSRA report

In this episode of AppSec Decoded, we discuss the major open source trends identified within the 2021 OSSRA report. The explosive growth of open source is not new. Developers have been using this collaborative method of building software applications to meet the market demands for quality and speed for many years. Synopsys has conducted research on trends in open source usage with commercial applications since 2015.


How to Label Sites in Microsoft 365

I can’t tell you how many times I’ve been asked by customers if we can help them apply sensitivity labels at scale to data at rest in SharePoint Online. Unfortunately, I’ve had to tell them that there’s really only one option, and it’s not pretty. To date, there is no API that allow an end user to apply a sensitivity label directly to a file in a SharePoint Online site, so the only real option is to download the file locally, apply the label and then upload the file.

Catching SSH and RDP attacks without decryption

With the rise in distributed workforces both SSH and RDP connections have proliferated as remote employees connect to sensitive internal environments and machines to do their job. Unfortunately, these remote-friendly protocols are also prime attack targets and once compromised give adversaries a clear path to move laterally, deploy ransomware, and more.

Failing to Meet Cybersecurity Standards Can Have Legal Consequences for Companies

Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million , the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the legal consequences of poor cybersecurity.


Operating security ownership at scale: Twilio's perspective

As organizations continue to adopt DevSecOps practices to deliver secure software, security ownership is an ever-critical consideration. Snyk recently held a roundtable with Twilio to discuss security ownership in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Yashvier Kosaraju, Senior Manager of Product Security at Twilio.


Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment

Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. I think “Zero Trust” may have reached this threshold. In some ways, I understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere.


What Are the Different Types of Penetration Testing?

No company is free from risks and vulnerabilities. No matter how robust the digital infrastructure or how strict the cybersecurity measures are, some level of residual risk will always remain. That’s why many organizations include penetration testing in their risk assessment and security program.

Detect Everything: Bring Google Scale NDR to your Security Operations

Many organizations find that today’s security tools are not built for petabyte scale, long-term telemetry retention and are often cost prohibitive. Ingestion based pricing forces customers to limit what data is collected and retained, resulting in both more false positives and missed valid threats. Learn how enterprises can leverage all of their high-fidelity network data to gain a comprehensive, accurate and real-time understanding of your environment at any scale, on-prem or in the cloud.

Operationalizing network evidence for meaningful outcomes

Organizations are experiencing an increase in both threat volumes and complexity, leaving corporate security teams with the ongoing challenge of balancing workloads across a broader attack surface. IT and security teams struggle to identify all their endpoints and are often unable to install Endpoint Detection and Response (EDR) software on every known endpoint device, leaving security gaps that increase business risk. Network visibility is crucial for multi-layer defense and provides critical data to fill endpoint visibility gaps.

The Blueprint of Modern Security Operations

Security operations is at a critical juncture. Years of digital modernization, adversarial advancement and enduring talent deficits have given rise to an untenable situation, only further compounded by the mayhem waged by a worldwide pandemic. The good news is the circumstance is not unsolvable. It only requires a rejiggering of familiar ingredients: your people, your processes and your technology - and layering on a fresh, open-minded approach, untethered to the old way of doing SecOps.

Making your cryptocurrency financially and technically safe

Cryptocurrency is a fantastic way for people to invest their money in a technologically progressive and versatile way. However, it is also subject to considerable volatility and, as the IRS’s June announcement of a huge $2.3 million confiscation indicated, insecurity. Cryptocurrency and the regulation that surrounds it is undergoing vast change, with market forces changing on a whim every single month.


CIS Control 1: Inventory and Control of Enterprise Assets

Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles such as threat analysts, incident responders, solution providers, policy-makers, and more.

Appknox - Highest Rated Mobile Application Security Solution

Launching a mobile enterprise application is no easy feat and one minor security breach can undo all your hard work in no time. With the right security platform, you can detect and fix security vulnerabilities without losing sleep. Say hello to Appknox, a plug-and-play security solution that secures your mobile enterprise applications in less than 60 minutes. Rated the highest in security products in Gartner and being a high performer on G2crowd for SAST, we set ourselves apart from our competition by allowing you to integrate your SDLC with all project management and CI-CD toolchain.

IAM 101 Series: What Is RBAC?

Inappropriate levels of access granted to employees, contractors, and partners is the leading cause of data loss, theft, and breaches. The number of external attacks has grown significantly in the last few years, and the sophistication of those threats has increased exponentially. The primary reason is cybercriminals’ use of new and emerging technologies, such as artificial intelligence (AI) and machine learning (ML).


Solving User Monitoring Use Cases With Splunk Enterprise Security

I’ve been working with Splunk customers around the world for years to help them answer security questions with their data. And, like you probably know, sometimes it’s hard to know where to start for specific security use cases. We all know Splunk’s data platform is capable of delivering incredible analytics and insights at scale, but how do we tie that power with all of the content and premium solutions for security that Splunk provides?


Managing license compliance with Black Duck SCA

Black Duck provides a comprehensive SCA solution for managing security, quality, and license compliance risks associated with open source use. Given today’s development trends, your organization is undoubtedly leaning heavily on open source in any number of ways. According to Synopsys’ annual Open Source Security and Risk Analysis (OSSRA) report


THREAT ALERT: Crypto miner attack - Sysrv-Hello Botnet targeting WordPress pods

The Sysdig Security Research team has identified a Cryptominer attack hitting a Kubernetes pod running WordPress, related to the recent Botnet Sysrv-Hello. The goals of the attack were to control the pod, mine cryptocurrency, and replicate itself from the compromised system. In particular, the attackers targeted a misconfigured WordPress to perform initial access.


Beyond Identity Teams with ForgeRock to Form the Building Blocks of Zero Trust

An overwhelming majority of cyber attacks are based on stolen and misused credentials. Passwords are susceptible to breach, theft, and attack. I often say, attackers no longer need to break in, they simply log in. The 2021 ForgeRock Consumer Identity Breach Report revealed that in 2020 attacks involving usernames and passwords increased by 450% over the prior year, which translates to more than 1 billion compromised records in the US alone.

Quality Document Management Quick Tip

GxP compliance made easy! Learn how to streamline the management of quality documents using innovative collaboration and automation features. Egnyte helps life sciences companies maintain compliance by streamlining the management of quality documents using innovative collaboration and automation features. Manage the complete lifecycle of regulated documents and automate the deployment of effective documentation, all on a unified, easy-to-use, GxP-compliant platform.

Shift Left Testing and Its Benefits

Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift left practices in the DevOps pipeline, and how you can shift left your open source open source security and compliance testing.


The key to solving the cybersecurity workforce gap: Enlisting the world's 27 million developers in the fight

Yesterday, the Biden Administration called upon leaders from Amazon, Apple, Google, IBM and Microsoft as well as other private and non-profit organizations to discuss crucial measures for improving the overall cybersecurity posture of the United States. (This follows an Executive Order , which we wrote about in May, outlining a 100-day initiative to improve the security of the modern software supply chain ).


Cloud Threats Memo: Continuing Trends in Risks to Remote Working

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have recently published a joint advisory providing details on the top 30 vulnerabilities routinely exploited by malicious cyber actors in 2020 and those widely exploited in 2021 so far.

Forward Networks

Hey buddy - wanna buy a zero trust?

In the past couple of weeks, I’ve had the opportunity to attend two technology events IN PERSON!!! Seeing people “mask-to-mask” has been fun and educational. Forward Networks recently exhibited at Black Hat in Las Vegas and AFCEA TechNet Augusta. Obviously, security was the topic at Black Hat, but it was also top of mind for TechNet attendees, and attendees at both events stressed the need for better network behavioral insight.


What did we learn from the 2021 ICO Report?

The 2021 ICO Annual Report highlights areas of concern for UK organisations, including the rise of ransomware, the constant threat of email phishing, and the lack of public faith in companies’ handling of data. Let’s dive into some of the more interesting findings from the regulatory body’s latest report.


Old mobile numbers can compromise unsecure MFA systems

Multi-factor authentication (MFA) adds a layer of security to logins that is essential to prevent unwanted access. This verification process uses a second device (owned by the user) as an additional identity verification element to which a token is sent (or generated) that certifies access veracity. The most secure MFA systems use applications to generate temporary codes, but many still rely on sending text messages to mobile phones (OTP).


Mobile app SDKs: The nesting dolls of hidden risk

Here’s an obvious statement for you: mobile applications are essential to how we go about our lives. From sharing files with colleagues to managing finances and connecting with family and friends, they seem to be able to do everything we need. But here’s the catch: developers rarely build apps from scratch and security is not typically their top priority. To quickly add features, they often rely on prepackaged code known as software development kits (SDKs).


Compliance vs Risk Management: What You Need to Know

According to a study conducted by Ropes & Gray, 57% of senior-level executives rate “risk and compliance” as the top two categories they feel the least prepared to address. There are a lot of misconceptions about compliance and risk management. Both help to prevent security threats to the organization’s legal structure and physical assets. And often, when people hear the terms compliance and risk management, they assume the two are the same.


Detection and response for the actively exploited ProxyShell vulnerabilities

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities ( CVE-2021-31207 , CVE-2021-34473 , CVE-2021-34523 ). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks.


Hypergrowth Playbook: 7 best practices as you go from startup to scaleup

Across the tech startup space, growth is on fire, and a key differentiator of success will be your ability to scale your talent at the pace needed. Based on having gone through this phase at various companies over the past decade, I’ve been pulled into helping advise founders and heads of people at several earlier-stage startups. So I made it simpler, and drafted a Hypergrowth Playbook , with my learnings. We are happy to share this openly, to help the community at large.


Stories from the SOC -SolarWinds Sunburst attack with malicious file

In late 2020, SolarWinds was the victim of a cyberattack that spread to their clients and went undetected for months. The foreign entities were able to add malicious code into the Orion system and gain access to companies of all sizes and across industries. The malicious code was distributed to all of the systems via a routine software update. Attacks like this are becoming increasingly frequent, amplifying the importance of security solutions that can quickly detect a potential breach.


Core Values at Detectify: Turning problems into opportunities

At Detectify , we like to approach problems as opportunities for improvement. In the last couple of months, we’ve faced two challenges where we have taken the opportunity to rethink how we work. We’d like to share them with you to give you insight into how we work together and, hopefully, inspire some of you to try a new approach when solving your own challenges in the future! Both of these examples are related to our payment process.

Introducing Kroll's Third-Party Notification Platform

Kroll’s third-party breach management platform cuts through the complex logistics of coordinating breach notification for a compromised entity and the consumer-facing organizations with which they work. Watch this video to see how we help clients navigate through the complexities of breach notifications with third-parties.

How to cyber security: Invisible application security

Invisible application security is the concept of integrating and automating AppSec testing with little interruption to developer workflows. I really love the keyless entry system on my car. The “key” is not a key in the traditional sense; all I have to do is put it in my pocket and forget about it. When I reach for the car door handle, it simply unlocks. When I leave the car, I wave my hand over the handle to lock the car.


Ensure data security and compliance in Slack Connect with Nightfall

Slack as a product is constantly expanding with new functionality and integrations. Slack Connect is among the most popular new features Slack introduced in the past year and is growing in popularity because it’s an easy way to stay connected with people you work with outside your organization — in real time with all the features that Slack offers. ​​As new improvements or upgrades for Slack are released, data security and compliance should be a top concern for your teams.


Flexible Incident Response playbooks for any situation

One of the major buzzwords when talking about cyber incident response is playbooks, advanced workflows with specific actions tailored to deal with and respond to cyber incidents. Over the past few security conferences, I have noticed something of a trend emerging that centers on the uncertainty and hesitance that some incident response teams have regarding the use of playbooks and, in particular, around the notion of automation in incident response.


3 Ways to Secure SAP SuccessFactors and Stay Compliant

The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors.

Tessian partners with Optiv Security as part of the company's move to a 100% channel model

Human Layer Security company Tessian today announces that it is moving to a 100% channel model, partnering with leading cybersecurity partners like Optiv Security to help enterprises secure the human layer and protect against threats caused by human error.

Web application security - 2021 update

Now more than ever it is critical for businesses to be successful during the pandemic with online sales. However, this is also where we often find cybercriminals are most successful. Internet security can be complex and is continuously being forced to change and stay up to date, with new cyber threats that come to light each day. However, one big threat that is typically overlooked is web application security. How important is web application security you ask?


The Top 10 Highest Paying Jobs in Information Security - Part 2

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series.


Changing eKYC regulations: Are FI's ready to make a headway?

India ranks as one of the top two countries in the world in terms of digital adoption as per a McKinsey report. Over the last few years, initiatives such as Aadhaar, the national biometric digital identity program, have included over a billion Indians. India has also pioneered the United Payments Interface (UPI), a singular platform available as a mobile app that allows instant and cost-effective money transfer across people and businesses.

Cyber Defenders Defending Critical Infrastructure Interview with Aaron Cockerill

Nextgov interview with Aaron Cockerill for a conversation shaped by today’s topics of critical infrastructure and cybersecurity threats. Discussing everything from phishing attacks to hybrid-remote work best practices, this interview offers insight into how Lookout can help both public and private organizations address digital threat prevention, providing relevant context to the cybersecurity world going forward.
outpost 24

Joint PCI security and CSA guidance on scoping cloud environments

As organizations move their infrastructure to the cloud, payment data are being exposed unknowingly leading to high profile data breaches. Find out how the new guidance from PCI Security Standards Council (PCI SSC) and Cloud Security Alliance (CSA) can help protect your cardholder data in the cloud.


Active Directory Certificate Services: Risky Settings and How to Remediate Them

Active Directory Certificate Services has been around for a long time, but resources for learning it are not great. As a result, it often has misconfigurations that are an increasing vector for attacks. In fact, SpecterOps released a whitepaper detailing a number of misconfigurations and potential attacks and providing hardening advice.


Anatomy of a Supply Chain Attack: How to Accelerate Incident Response and Threat Hunting

In recent months, we’ve seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kesaya have all been victims of such attacks that went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs often ask: “Should we be concerned? How is it impacting us? What can we do to mitigate risk?” .


7 Strategies to Keep Business Data Secure

Cyberattacks are on the rise. The growing number of internet-connected devices and the value of business data means cybercriminals have more to gain than ever from breaking into a company’s network. It’s not uncommon for hackers to target operations of all sizes — meaning that any company holding onto important information needs defenses that will keep that data secure. These seven strategies are some of the most important cybersecurity tactics for a business to use.


Snyk Container meets Cloud Native Buildpacks: Cloud Native Application Security the right way

So you’re running microservices in containers? Congratulations! This is an important step towards meeting those business needs around delivering applications to the hands of your customers as soon as possible. But how can we mitigate any potential risks associated with faster software deployment? Simple, with Snyk.


Vulnerability Management: Process, Life Cycle, and Best Practices

Vulnerability management is a full-time occupation. This cybersecurity function is iterative and involves constant monitoring, documentation, and review. From updating your software to recording new patches, vulnerability management is a constant process that benefits from automated tools like Nightfall . Here’s how vulnerability management works, the ins and outs of the vulnerability management life cycle, and best practices to implement at your organization.


What are bots costing gaming and betting companies?

As the pandemic pushed more businesses to an online-first model, cybercriminals seized opportunities to profit from fraudulent activity. But the financial impact of these attacks on businesses has been hard to quantify. Netacea recently surveyed 440 businesses from across the USA and UK to understand how much financial impact bot attacks are having across different industries.


How to Use Egnyte to Protect Against Insider Threats

Vigilant companies continuously review risks and their cybersecurity postures. They deploy active defense-in-depth measures and utilize the latest malware detection and mitigation techniques. However, there is one type of vulnerability that tends to fall through the cracks—insider threats. That’s because IT organizations often believe it’s management’s problem to address, while managers believe IT groups have insider threats under control.


A Real-World Look at AWS Best Practices: Storage

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.


The Next Big Challenge: Cloud Complexity

Cybersecurity remains an ever-growing concern in our digitized, post-pandemic world. While rapid digitization opens doors to ample benefits and business opportunities, companies also have to deal with an uptick in cybercrimes, as criminals and other threat actors raise their game, making cyber attacks more frequent and complex than ever before. Consequently, businesses have suffered serious losses resulting from ransomware attacks, data breaches, and theft of trade secrets.


Global Confidence: Using crowdsourcing and machine learning to scale your SOC resources

Our mission is to create a force multiplier for SOC teams and security analysts so they can reduce the time to verdict or judgment while triaging new Insights. At Sumo Logic, we take a different approach than other SIEM solutions. We don’t just create alerts and leave the analyst to gather other artifacts to gain context. We associate and group alerts, or what we call Signals, to an Entity (IP, User, Hostname, etc...).


Hit by hackers? You're now a target for more attacks

After being hit by a ransomware or phishing attack, it might be tempting for businesses to think the damage has been done and they can now focus on rebuilding. This is rarely the case. Research shows that 80% of organisations targeted by ransomware end up suffering another attack – and 46% are targeted by the same cybercriminals that hit them in the first place.

SANSFire: An Alert Has Fired. Now what?

While the security industry spends a lot of time and energy getting more and/or better alerts, comparatively little investment has gone into helping analysts operationalize and contextualize those alerts. This webcast will discuss how a solid foundation of network telemetry can enable not only high-velocity, high-confidence processing of alerts of all stripes, but also a host of other critical security applications, from fundamentals like asset management to advanced techniques like proactive threat hunting. Real-world examples and code will be used throughout the talk, along with practical considerations for operating in an enterprise environment.

Wanted: Reward of up to $10 million for critical infrastructure hackers

The U.S. government aims to tackle cybercrime, in particular attacks targeting critical infrastructure. For this purpose, the U.S. State Department has announced a reward of up to $10 million to anyone who offers valid information about any potential cyberattacks on critical infrastructure supported by foreign states.


A Comprehensive Approach to DAST

In the modern DevOps framework, the security has shifted to the left and Application Security Testing (AST) techniques like DAST have become even more important. The latest Forrester reports indicate that application weaknesses and software vulnerabilities are the most common attack methods, and businesses fall victim to ransomware every 11 seconds. Further, modern-day businesses are consistently grappling with fast-paced development and industry disruptions.


PRISM attacks fly under the radar

AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal, though our internal threat analysis systems have flagged them as malicious. Upon inspection of the samples, Alien Labs has identified them as modifications of the open-source PRISM backdoor used by multiple threat actors in various campaigns.


What is Shadow IT? And How to Manage It

Everything connected to your network poses a security risk. Every application on every device poses a threat to that device which then increases your security risk profile. Ultimately, organizations need visibility into all users, applications, and devices on their networks. Whether arising from employees using personal devices or downloading applications to corporate devices, shadow IT is becoming a bigger problem for organizations.


An easy recipe for identity fraud - Post a dream job LinkedIn advert on behalf of almost any employer

This post is about LinkedIn – a go-to professional networking and jobs platform – a feature that allows outside individuals (not belonging to the target organisation) to post jobs on an organisation’s behalf. Whether you call it posting scam jobs on LinkedIn, phishing the LinkedIn users or any wider campaigns based on the drivers – it is a recipe for Identity fraud.


Elastic and Shifting left together to secure the cloud

Since its inception, Elastic Security has had a clear mission: to protect the world's data and systems from attack. We started with SIEM, built on top of the Elastic Stack, applying its fast and scalable search capabilities to detect security vulnerabilities across all threat vectors. Next, we joined forces with Endgame to integrate endpoint security into Elastic Security, and allow customers to prevent, detect, and respond to attacks from a single, unified platform.


What is Digital Forensics? Defining Digital Forensics and Incident Response

According to Research and Markets, the worldwide digital forensics market will expand at a compound annual growth rate of 13% through 2026. The rise of cybercrime is most certainly driving its growth — especially since digital forensics plays a critical role in mitigating cyberthreats in the modern security operations center (SOC).


Defending against the cyber pandemic demands holistic security and intelligent DevSecOps

Learn how Synopsys AppSec tools and services can help your organization deliver a holistic security approach to address rising cyber threats. Not only has the number of cyber attacks increased dramatically in 2020, but the ingenuity and scale of the attacks has also jumped way off the charts. The SolarWinds attack was “the largest and most sophisticated attack the world has ever seen” with the number of software engineers working on these attacks estimated to be over 1,000.


What is Endpoint Security?

In enterprise networks, endpoint devices refer to end-user devices such as laptops, servers, desktops, Internet of Things (IoT) devices, and mobile devices. Such devices enable users to access the corporate network, and are therefore indispensable for day-to-day operations. Endpoints also, however, expand a company’s attack surface, since each one can be exploited by malicious threat actors to launch cyberattacks via ransomware, phishing emails, social engineering, and so forth.


Frontline privacy observations from deploying the EU's new..

Our Data Privacy Services team collates the most interesting practical ramifications from implementing the new SCCs with our GDPR services customers. In our latest update of the Data Privacy Periodic Table , we included reference to the EU’s June 2021 release of substantially updated Standard Contractual Clauses (SCCs), triggered by 2020’s Schrems II ruling. The new, far more substantial SCCs have been largely welcomed.


Plugins to put Node.js application security and observability in your IDE

As developers, we spend a lot of time in our IDEs writing new code, refactoring code, adding tests, fixing bugs and more. And in recent years, IDEs have become powerful tools, helping us developers with anything from interacting with HTTP requests to generally boosting our productivity. So you have to ask — what if we could also prevent security issues in our code before we ship it?


Netskope Threat Coverage: BlackMatter

In July of 2021, a new ransomware named BlackMatter emerged and was being advertised in web forums where the group was searching for compromised networks from companies with revenues of $100 million or more per year. Although they are not advertising as a Ransomware-as-a-Service (RaaS), the fact they are looking for “partners” is an indication that they are operating in this model.


How Tripwire Can Help to Defend Against Ransomware

Ransomware is having a bit of a moment. Check Point revealed that ransomware attacks increased 102% globally in H1 2021 compared to the start of the previous year, with the number of corporate ransomware victims having doubled over that same period. Average ransom payments also grew 171% from $115,123 in 2019 to $312,493 a year later. But those weren’t the amounts originally demanded by attackers. Indeed, ransomware actors wanted an average of $847,344 from their victims in 2020.


Using Threat Modeling to Boost Your Incident Response Strategy

Threat modeling is increasing in importance as a way to plan security in advance. Instead of merely reacting to threats and incidents, an organization can identify and evaluate its security posture, relevant threats, and gaps in defenses that may allow attacks to succeed. Threat modeling has a two-way relationship with incident response.


Network segmentation: Importance & Best Practices

Traditional and typical cyber security techniques usually fail to meet the security requirements of today’s corporate industries and businesses. As the digital world has revolutionized, so are cyber security threats and risks. It has become more difficult to rely on a single security solution or a single line of defence.


Five worthy reads: Differential privacy-what it means for businesses

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we explore one of the evolving privacy-enhancing techniques called differential privacy and how it’s being leveraged by organizations to safeguard sensitive data from being exposed. Cutting-edge technologies based on artificial intelligence and machine learning have been gaining traction in recent years.


Data protection and the Age-Appropriate Design Code

A 2019 report by Ofcom shows that 50% of ten-year olds own mobile phones. While viewing of video-on-demand (with YouTube as firm favourite), has doubled in the last five years among children. Platforms like TikTok are rapidly growing in popularity. Sadly, more and more children are being exposed to hateful, violent and disturbing contents on these platforms.


What is ISO/IEC 27001? A Clear and Concise Explanation for 2021

ISO/IEC 27001 is the leading international standard for regulating data security through a code of practice for information security management. Its creation was a joint effort of two prominent international standard bodies - the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC). This is why the standard is formally prepended with ISO/IEC, though "IEC" is commonly left to simplify referencing.


Key insights from the Conti ransomware playbook leak: establishing a foothold

Following a leak of a cache of documents relating to the Conti ransomware group by one of its own affiliates, in the first of a two-part blog series we analyse some of the main findings and outline steps to mitigate against Conti and other ransomware variants.


Impact of modern ransomware on manufacturing networks

Manufacturing facilities employ assembly lines, material handling systems, motors, and furnaces that all require big physical machines. Innovative trends in the manufacturing industry and the advancement of operational technology have also meant introducing computers across operation and production systems.


What Makes Teleport a Great Place to Work

August has been a great month for Teleport. Our Series B round of funding , led by Kleiner Perkins, plus the arrival of secure MongoDB access with Teleport 7.0 is cause enough for celebration. In addition, Teleport has been officially Certified™ by Great Place to Work ®. This prestigious certification is based entirely on feedback from current employees; this year, an incredible 100% of our team members told us we are a great place to work.


What is a Third-Party Risk Assessment?

A third-party risk assessment is an analysis of the risk introduced to your organization via third-party relationships along the supply chain. Those third parties can include vendors, service providers, software providers and other suppliers. Risks to be considered include security, business continuity, privacy, and reputation harm; as well as the risk that regulatory compliance obligations might force you to stop working with a party until its issues are addressed.


Humio and Mimecast Integration Helps Organizations Mitigate Cyber Risk From Email

We are excited to announce the availability of a new integration with Mimecast which allows Humio customers to ingest email security logs from their Mimecast email security service. Email is the top initial attack vector, with phishing campaigns responsible for many damaging cyber attacks, including ransomware.


Managing Board Meetings: What Board Portals Offer More than Video Conferencing

One of the primary challenges ushered by the shift of companies to digital board meetings is finding the right platform. Video conferencing platforms like Zoom have been popularly used to conduct meetings, especially since businesses had to employ physical distancing when the COVID-19 pandemic started. However, in selecting a platform, most attention is given to how it facilitates the actual meeting, overlooking its support for activities before and after.


Securing endpoints, part 1: Ensuring hackers don't manipulate your browsers to carry out attacks

In a world of automation, computers and the data on them have become the backbone of many organizations. But data is a double-edged sword. It can be leveraged by organizations to improve operations, but in the wrong hands, it can be a deadly weapon for hackers. So how do organizations ensure their data is safe?

Veracode Software Composition Analysis Cited as a Strong Performer by an Independent Research Firm

Veracode, the largest global provider of application security testing (AST) solutions, has been recognized as a Strong Performer in The Forrester WaveTM: Software Composition Analysis, Q3 2021 by Forrester Research, a leading global research and advisory firm.

Cybersecurity experts are currently drowning in ransomware attacks

U.S. President Joe Biden is under pressure to take a stand against a relentless pace of cybersecurity attacks. Russian-speaking hackers have claimed accountability for a recent ransomware assault on IT management software provider Kaseya VSA. The group of Russian threat actors also referred to as the Revil Group, launched a bombshell supply-chain hit during the weekend of July 4th, 2021 against Kaseya VSA and multiple managed service providers.


Cybersecurity Visibility: The Key for Business, Security and SOC Alignment

It has become obvious that visibility is one of the critical pillars for the success of any organization’s cybersecurity program. Research by ESG found that nearly 80% of organizations with a lack of visibility into their assets report roughly three times as many incidents. That sobering statistic is cited in a recent report from SANS, Making Visibility Definable and Measurable, that examines the issue from multiple perspectives.


'The Perfect Scorecard' Focuses on Communication Between CISOs and the Board

In most companies today, there is a critical divide between the Chief of Information Security (CISO) and their board of directors. Our new book, The Perfect Scorecard: Getting an ‘A’ in Cybersecurity from your Board of Directors , is an attempt to close that gap. The Perfect Scorecard features insights from 17 leading CISOs and executives known for their leadership skills and their ability to communicate across roles and sectors.


Forrester recognizes Synopsys as a leader in Software Composition Analysis

Black Duck ranks highest in Strategy and receives highest possible scores in Product Vision, Market Approach, and Corporate Culture criteria. This week, Synopsys was named a Leader in “ The Forrester Wave™: Software Composition Analysis, Q3, 2021 ,” by Forrester based on its evaluation of Black Duck, our Software Composition Analysis solution. Forrester evaluated 10 of the most significant SCA providers against 37 criteria.


Kubernetes security through Styra DAS: Pre-built PCI policy packs

Not only has cloud native transformed the velocity in which organizations execute and maintain business operations, but it has also redefined storage, network and compute. From the infrastructure that IT operations maintains, to the applications that supply customers with the ability to interact with their data—DevOps teams have to deliver more services than ever, and they have to do it fast, with little to no error. Easy, right?


Veracode Ranked as a Strong Performer in Forrester Wave Software Composition Analysis Report

Veracode has been recognized in a report Forrester Research recently released, The Forrester Wave™: Software Composition Analysis, Q3 2021 . The report helps security professionals select a software composition analysis (SCA) vendor that best fits their needs. The report, which evaluates 10 SCA vendors against 37 criteria, ranks Veracode as a strong performer.


Hunting for Detections in Attack Data with Machine Learning

As a (fairly) new member of Splunk’s Threat Research team (STRT), I found a unique opportunity to train machine learning models in a more impactful way. I focus on the application of natural language processing and deep learning to build security analytics. I am surrounded by fellow data scientists, blue teamers, reverse engineers, and former SOC analysts with a shared passion and vision to push the state of the art in cyber defense.


Are You Being Measured Against Your Real Attack Surface?

Security teams are overwhelmed. An ongoing talent shortage in the industry makes it difficult to hire when help is desperately needed. In fact, a survey of security professionals conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 38% think a talent shortage has led to overwork and burnout at their organizations — a 12% increase since 2020.


The Forrester Wave Software Composition Analysis, Q3 2021: Key Takeaways

The Forrester Wave™ Software Composition Analysis, Q3 2021 report states that open source components made up 75% of all code bases in 2020. This is more than double the 36% in 2015. As organizations increasingly rely on external components to quickly add functionality to their own proprietary solutions, they take on greater risk, especially considering these open source components may contain unmitigated vulnerabilities or violate organizations’ compliance policies.


Announcing new Cloud Security Monitoring & Analytics apps to surface the most relevant security insights from AWS GuardDuty, WAF, and Security Hub data

Given today’s evolving multi-cloud dynamics and increasingly active threat landscapes, security teams have a greater need for integrated and scalable monitoring that provides meaningful real-time insights into the state of organizational security posture. As organizations adopt cloud-first strategies, cybercriminals have taken note and continuously evolve their tactics to gain access to valuable cloud data.


The Cost of a Data Breach Report: Key Highlights

IBM’s Cost of a Data Breach Report 2021 analyzed 537 real breaches and conducted nearly 3,500 interviews to uncover the true cost of a data breach in 2020. The publication covers initial attack vectors, how long it took organizations to discover and contain braces, as well as the effects that incident response efforts and artificial intelligence have on mitigating breach costs.


The anatomy of an arbitrage betting bot

In gaming and betting, it is said that the house always wins. However, some bettors are constantly looking for loopholes to guarantee a profit no matter the outcome of their bets. They have even developed sophisticated software tools to help with a controversial tactic called arbitrage betting, which costs the industry millions each year.


How to influence compliance as a DPO (without making your colleagues cry!)

Data protection has matured incredibly over the last 10 years. The ‘privacy industry’ has gone through a metamorphosis not seen in many other disciplines. Now, as we reflect on the organisational changes the pandemic introduced, we must recognise that being able to quickly access and share accurate data is critical to every business’ success – regardless of where employees are working from.

The Perfect Scorecard: Getting an A in Cybersecurity from your Board of Directors

Corporate board members are known for their relentless focus on the bottom line -- and with good reason. CISOs and other security executives are often mired in technical language and many times, unable to communicate the business impact that cybersecurity has on the bottom line. This helps explain why the average tenure of a CISO is roughly two years.

Enable multi-factor authentication for Outlook Web App logins and secure enterprise emails

In March this year, organizations employing Microsoft Exchange were in for a shock when Microsoft announced that a hacker group was gaining access to organizations’ email accounts through vulnerabilities in its Exchange Server email software. The group tried to gain information from defense contractors, schools, and other establishments in the U.S.


Practical maritime OSINT

Advancing telecommunications positively affects the maritime industry. The industry is more organized and well-connected; however, the rising technology brings new challenges and vulnerabilities. Although flags and semaphores are still applicable in some cases, most communications are radio-based. Vessel traffic service (VTS) tracks maritime traffic similar to what the air traffic controller does for aircraft; the VTS receives vessel information via the AIS system .


What is a SOC 2 Report and Why Is It Important

A Service Organization Controls (SOC) report provides independent validation over a company’s internal financial reporting controls. They were originally used to validate compliance with the Sarbanes-Oxley Act of 2002. When the SEC released the “ Commission Statement and Guidance on Public Company Cybersecurity Disclosures ,” SOC reports started to include cybersecurity. Understanding what a SOC Type 2 report is can give insight into why it is important to your organization.


Kubescape: The First Open-Source Tool for Running NSA and CISA Kubernetes Hardening Tests

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. This 52-page cybersecurity technical report offers practical guidance for admins to manage Kubernetes securely, focusing on the common sources for a compromised Kubernetes environment.


Needed: A Secure Shopping Experience Across All Channels

The pandemic hastened long-developing trends toward digitization and decentralization. As virus concerns, social distancing guidelines and convenience pushed people online, ecommerce sales surged, expected to hit $4.2 billion globally this year, jumping ahead by years in the process. To be sure, this isn’t a one-time trend. According to one survey , nearly half of shoppers who altered their shopping habits in 2020 plan to make those changes permanent.


What is Third-Party Risk?

Third-party risk is any risk brought on to an organization by external parties in its ecosystem or supply chain . Such parties may include vendors, suppliers, partners, contractors, or service providers, who have access to internal company or customer data, systems, processes, or other privileged information. While an organization may have strong cybersecurity measures in place and a solid remediation plan, outside parties, such as third-party vendors , may not uphold the same standards.


Detectify Teams up with Hackers for Change

STOCKHOLM — Aug. 18, 2021 — Detectify , the SaaS security company powered by ethical hackers, today announced its partnership with Hackers for Change. The collaboration will equip non-profit organizations with the tools required to strengthen security and decrease the likelihood of cyber-attacks, supporting the mission of Hackers for Change to provide charities and nonprofits with industry-quality cybersecurity services at no cost.

Three Tactics to Bypass Multi-factor Authentication in Microsoft 365

Microsoft 365 (M365) has quickly become one of the most utilized email platforms and, thanks to a variety of productivity and communication applications deeply embedded in enterprise processes, it’s also a popular target for cyber criminals. Microsoft certainly understands that and has enabled extensive security mechanisms for M365, including multifactor authentication (MFA), which requires users to present more than one form of authentication before login.


IT Risk Team Discovers Previously Unknown Vulnerability in Autodesk Software During Client Penetration Test

During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity.


What are bots costing businesses in 2021?

Netacea surveyed 440 enterprise organizations based in the USA and UK across travel, entertainment, eCommerce, telecommunications and financial services to understand the cost of bot traffic on businesses. Our respondents indicated that they are aware of the increase in scale and frequency of bot attacks over the course of Covid-19 pandemic, with 85% more attacks occurring in 2020 vs. 2019.


Splunk SOAR: Anyone Can Automate

If you haven’t heard the news, Splunk Phantom is now Splunk SOAR – available both on-prem and in the cloud. What does this mean to you? You can deploy SOAR in the way that best supports your business needs. No matter what deployment you choose, you can automate from anywhere, and truly “SOAR your own way!” Hot on the heels of our cloud release is another exciting announcement: Splunk SOAR’s new Visual Playbook Editor.


Teleport Raises $30MM Series B and Expands its Access Plane Technology with MongoDB Support

Teleport, an Access Plane company, is announcing today that it has secured $30M in Series B funding. The company also released its latest version of its offering, Teleport 7.0 – introducing identity-based access for MongoDB . This funding round is led by Kleiner Perkins and follows the company’s record-breaking quarter, with net new annual recurring revenue up 5x and total annual recurring revenue up 2.5x, compared to the second quarter of 2020.


Redline Stealer

First observed in 2020 and advertised on various cybercriminal forums as a 'Malware-as-a-Service' (MaaS) threat, Redline is an information stealer mainly targeting Windows' victim credentials and cryptocurrency wallets, as well as Browser information, FTP connections, game chat launchers, and OS information such as system hardware, processes names, time zone, IP, geolocation information, OS version, and default language.


How Snyk Social Trends help you fix essential security vulnerabilities

Recently, Snyk added Social Trends to its vulnerability data . This new indicator shows you what vulnerabilities are trending so you can better prioritize remediation. Our research team found out that there is a strong correlation between socially trending vulnerabilities and the existence of exploits that can actually harm your application.

Splunk SOAR Feature Video: Playbooks

Splunk SOAR playbooks automate security and IT actions at machine speed. Playbooks execute a sequence of actions across your tools in seconds, vs hours or more if you perform them manually. Splunk SOAR comes with 100 pre-made playbooks out of the box, so you can start automating security tasks right away. Splunk SOAR’s visual playbook editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your business eliminate security analyst grunt work. *Users can build and edit playbooks in the original horizontal visual playbook editor, or the vertical visual playbook editor introduced in August 2021.

Security Exception vs. Risk Acceptance: What's the Difference?

Businesses face an endless range of security concerns. Internal controls and security procedures help, but not every risk can be managed out of existence. To build a sustainable security program, then, executives need to rely on risk acceptance and security exceptions to keep operations running and to appease stakeholders as best as possible.


AWS GDPR compliance with Sysdig Secure

AWS GDPR compliance, privacy and personal data protection are one of the most common concerns among cloud teams that run workloads in the AWS Cloud. When thinking about the different mechanisms to protect privacy and gain trust from the users who utilize our services, Compliance is one of the words that comes to mind.


What Is a Distributed Denial of Service (DDoS) Attack?

The term DDoS attack refers to a malicious actor or group of actors intentionally trying to overwhelm a victim’s computer network with traffic. The large influx of network traffic being directed at the target can cause serious issues for legitimate traffic, such as regular users who need to access websites, data or services. Everyone from gamer sites to large enterprises fears the threat of distributed denial of service attacks.


What is Vulnerability Testing?

Even the most secure IT system can have vulnerabilities that leave it exposed to cyber attacks. Constantly changing network environments, social engineering schemes, and outdated or unpatched software are all threats that call for routine vulnerability testing. Vulnerability testing, also called vulnerability assessment or analysis, is a one-time process designed to identify and classify security vulnerabilities in a network.


The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?

No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence agency.


Deep Dive Into Security Orchestration, Automation and Response (SOAR)

When it first burst onto the cyber security scene back in 2015, SOAR was dubbed by Gartner as a ground-breaking, revolutionary technology in the cyber security industry. Fast-forward 6 years, Security Orchestration, Automation and Response has lived up to those expectations and is rapidly growing its presence rapidly, with the SOAR market estimated to exceed $550 million by 2023 .


Monitoring networks for Chinese State-Sponsored Cyber Operations

The US federal government recently took an unprecedented step in the fight against cyber espionage, publishing detailed technical guidance on tactics and techniques used by Chinese state-sponsored actors. The NSA, CISA, and the FBI have done the security community a great favor by making this material public, mapping tactics and techniques to MITRE ATT&CK, and providing a breakdown of specific exploited vulnerabilities.


NIST Zero Trust Architecture Compliance

Zero Trust network security framework suggests that administrators trust no one and subject all users to full authentication and authorization prior to any user-to-application request. The National Institute of Standards and Technology (NIST) has published recommended best practices organizations can put in place to minimize cyber risk and exposure.

Overcoming the Legacy VPN Dilemma

Business has grown beyond the confines of standard organizations. Now, employees and partners interact with company apps and data from any location (e.g. home offices, customer sites, or partner facilities). But even though many aspects of offsite connectivity have evolved, others desperately need to. While staff and integrated 3rd party remote work models are commonplace, the access models enabling them are outdated and broken.

What are Mobile App Security Standards?

With an increasing overflow of threats and attacks on mobile apps, businesses are now more concerned than ever about making their apps safe and secure for their users. Even the apps which were deemed to be secure and impenetrable are now being crept into with severe vulnerabilities. And this is why there is a huge priority shift happening across the globe towards mobile app security. According to Gartner , the global market for information security is expected to cross a market cap of$170.4 billion.


Complete Content Lifecycle Management in a Single Place

Egnyte’s content lifecycle management solution gives customers full control and flexibility over content at all stages of its lifecycle, from migration of data into Egnyte to managing retention, archival and deletion, and end of life content. Unlike point solutions, Egnyte provides a robust product suite that addresses consolidation of content across repositories, management of content within Egnyte, and content that should be archived. Here's a quick recap of what’s included.


Building Java container images without a Dockerfile using Jib

Suppose you’ve been working with container images for more than a minute. In that case, you’re probably familiar with those ubiquitous documents that describe, layer-by-layer, the steps needed to construct an image: Dockerfiles. Did you know that there is a growing set of tools for building OCI compliant images without Dockerfiles?


Defence Engineering and Threat Intel - No Stone Left Unturned

Every breach starts as a compromise that goes unnoticed and unactioned, often because existing security devices have too many events, too little context and cannot prioritize. Providing these systems with threat intelligence is the lowest cost and most effective way to improve contextualization and blocking of new attacks.


5 Types of Social Engineering Attacks and How to Mitigate Them

Social engineering is a type of cyber attack that targets people to gain access to buildings, systems, or data. Social engineering attacks exploit human vulnerabilities to get inside a company’s IT system, for instance, and access its valuable information. Social engineering is one of the most common— and successful— forms of cyber attack. Social engineering attacks are constantly evolving, but they generally follow five main approaches.


7 Indicators of Compromise: The Essential List for Breach Detection

Indicators of compromise are the red flags of the information security world. These helpful warnings allow trained professionals to recognize when a system may be under attack or if the attack has already taken place, providing a way to respond to protect information from extraction. There are many indicators of compromise, depending on the type of threat.


The Top 10 Highest Paying Jobs in Information Security - Part 1

Want a job in cybersecurity? There are plenty to go around. Cybersecurity Ventures estimated that there will be 3.5 million job openings in the industry by the end of the year. That makes sense. According to Gartner , global spending on information security and risk management technology is expected to exceed$150 billion in 2021. Organizations are going to need someone to help them manage those new solutions. The issue is that information security is an expansive industry.


The Need for SSPM in the Digital Transformation Journey

During this past year, organizations have moved towards the adoption of SaaS (software-as-a-service) applications like Microsoft O365, Salesforce, and GitHub at a more rapid pace than originally planned to help accommodate and facilitate the many employees that became remote workers, needing access to cloud applications from anywhere.


Netskope Introduces Cloud Firewall-as-a-Service (FWaaS)

Change is the only constant and this is especially apparent for the firewall space, as we’ve seen with branch office transformation and users continuing to work remotely. Secure Access Service Edge (SASE) architecture, when properly designed, puts the user in the center with cloud edge security services protecting them, their data, and the apps and websites they use every day, on either company or personal instances.

Bughunting your React web applications using DevTools

What if I told you that simply using Redux DevTools we will be able to bypass security gates that you didn't realize you have open? Building modern web applications still leaves out many room for mistakes, and even using frameworks like React, requires adhering to many security practices, in order to get things right for security. Otherwise, you risk exposing your web applications to vulnerabilities that others can exploit.

Six data protection tips for healthcare organisations

Healthcare providers collect, process and share citizens’ most highly sensitive personal data – from names, dates of birth and contact details, to medical and financial information. The loss of this data by healthcare organisations can cause significant emotional distress to patients if private medical conditions are disclosed, and also make them more vulnerable to identity theft, fraud and further cyberattacks.


Turn your employees into security assets against hackers

I want to talk to you about Peter. He’s a new hire at your company, having joined a couple of days ago. He can just about remember the names of his teammates. The HR Manager has told him to look out for an email so that he can create an account on the company’s employee portal. As expected, he receives an email and clicks on the link provided to enter his credentials.

Hello CISO - Episode 1 (Part 1): The Downfall of On-Premise Security

In the beginning, there was on-premise. Then things got complicated. Hello CISO is a new series aimed at Chief Information Security Officers, IT security teams, and all other members of an organization responsible for maintaining the safety and integrity of the business and its operations. "The responsibilities of the modern CISO are expanding as digital infrastructure grows more complex. It’s no longer feasible to protect against every single threat, so you have to think more strategically. We need to work smarter, not harder – and that’s what I want to explore in this series."

Stories from the SOC - Successful phishing attack

Every day, billions of emails are sent out, some legitimate, while others are used to target unsuspecting users. According to the FBI, phishing attacks were the most common type of cybercrime in 2020. The reason these are so commonly used is because phishing tools are easy to get a hold of and attackers are taking advantage of the weakest link when it comes to security – the employees.


10 Best Practices to Prevent DDoS Attacks

2020 was the year of the DDoS attack. Distributed Denial of Service (DDoS) attacks spiked over the last year, driven by the pandemic and the fact that so many people were locked down, working from home, and using online services to get through the pandemic. According to a report from NETSCOUT, more than 10 million DDoS attacks were launched last year, targeting many of the remote and essential services people were using to make it through the lockdown.

Critical Unauthenticated SQL Injection Vulnerability Patched in WooCommerce

On July 14, 2021, WooCommerce issued an emergency patch for a critical vulnerability allowing an unauthenticated attacker to access arbitrary data in an online store’s database. WooCommerce is one of the most popular e-commerce platforms in the world and is installed on over five million websites. Additionally, the WooCommerce Blocks feature plugin, which is installed on more than 200,000 sites, was affected by the vulnerability and was patched at the same time.


What is the NYDFS Cybersecurity Regulation? (23 NYCRR 500)

The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the New York State Department of Financial Services (NYDFS) that places cybersecurity requirements on all Covered Entities (financial institutions and financial services companies). It includes 23 sections outlining requirements for developing and implementing an effective cybersecurity program, requiring Covered Entities to assess their cybersecurity risk and develop a plan to proactively address them.


What is SIEM?

​​In an age of big data and connected devices, security information and event management (SIEM) is one of the key priorities for businesses of all sizes. At a time when data is everywhere, and cyber threats are growing, security information and event management is more important than ever. This is where information management meets security as companies seek to manage their incident response, compliance requirements, security, and analytics.


Egnyte can now scan and classify Microsoft Exchange Online emails

Egnyte now offers email scanning and classification of Microsoft Online Exchange emails and attachments. This is a critical capability for organizations that need to deploy consistent document classification and governance across all documents, whether they exist in an Egnyte cloud repository, with other cloud providers, or on premises.

Hacker-Powered Security

This episode is a deep dive into how startups can leverage the power of crowd sourced hackers to find bugs and security issues in your apps. Ben Sadeghipour has over 685 vulnerabilities found in major sites such as Snapchat, AirBnB and even the U.S. Department of Defense, Hacker One helps companies by providing tools to help with response assessments and running their bug bounty programs.

Introducing the Snyk Ambassador program: a call for nomination to champion application security

Snyk has been long invested in promoting application security awareness and practices through many of our initiatives, including actively participating in communities and foundations. Some examples include: Today, we’re proud to further engage with the community by announcing the Snyk Ambassadors program.


Privacy in Q2: In Like a Lion, Out Like a ... Lion

For a while, privacy in Q2 was looking like it would follow the season’s idiomatic rule: in like a lion, out like a lamb. But it came roaring back in June with a new U.S. state law, EU adequacy decisions, a new EU data transfer mechanism, and more. As we look back over the second quarter of 2021, several important developments are worth noting.


T-Mobile data breach exposes 50 million customers' data

Hackers have gained access to the personal data of 50m T-Mobile customers. Cybercriminals are reportedly offering access to some of the data in return for a fee of 6 bitcoin, or $270,000. The cause of the breach is unclear, but this follows a string of breaches for T-Mobile in recent years, after an incident in December 2020 that leaked the call records of around 200,000 customers.


LockBit Ransomware hits again

Launched in September 2019 and formerly known as 'ABCD', LockBit is a ransomware-as-a-service (RaaS) threat that was updated in June 2021 and improved on the group’s earlier claims of having the fastest encryption process on the ransomware scene (Figure 1). Much like other RaaS offerings, LockBit operates an affiliate profit sharing program in which up-to eighty percent of a ransom payment can be earned whilst the operators claim the remainder.


How Did the Cybersecurity Ecosystem Get So Clogged Up?

Today’s enterprise operations involve the coordination of several different digital ecosystems but none quite so inflamed as the cybersecurity ecosystem. Technology has been evolving at a rapid pace, and attackers are armed with advanced tactics to steal data and expose secure information. In response, cybersecurity teams deploy numerous tools and solutions to prevent and mitigate these attacks.


How Egnyte Uses Rate Limiting to Dynamically Scale

Egnyte stores, analyzes, organizes, and secures billions of files and petabytes of data from millions of users. On average, we observe more than a million API requests per minute. As we scale, we have to address challenges associated with balancing throughput for individual users and delivering exceptional quality of service. For example, some Egnyte hosted content that is publicly shared (via our share file and folder links feature) can suddenly go viral.


5 reasons why you need Cyber Essentials

If we told you that certifying with Cyber Essentials was a simple but effective way to protect yourself from up to 80% of common cyber attack methods, wouldn’t that alone be enough to convince you it’s worth it? The Cyber Essentials scheme is a Government backed certification standard that enforces 5 key technical controls. By following these controls, you create an essential security baseline to protect your business from everyday cyber threats.


What is the Digital Supply Chain?

The supply chain for any product has several moving parts. Each activity in the supply chain plays a role in the flow that begins with sourcing a product's raw materials and ends with delivering the finished goods to a customer. As with many other areas of modern business, digital technologies are redefining supply chains. With more technology comes increased cyber risks. This article explains digital supply chains along with their benefits and cybersecurity risks.

Introducing Kroll Notification Navigator Technical Demo

Kroll’s third-party breach management platform cuts through the complex logistics of coordinating breach notification for a compromised entity and the consumer-facing organizations with which they work. Watch this video to see how we help clients navigate through the complexities of breach notifications with third-parties.

Devo Joins AWS ISV Workload Migration Program

Devo’s strong relationship with Amazon Web Services (AWS) recently expanded to include our participation in the AWS ISV Workload Migration Program. This is important to cloud developers, DevOps engineers, solution architects (particularly cloud SAs), and cybersecurity architects working at organizations ready to transition their data to the cloud.


SOX Compliance: What Should You Expect?

After several large corporate accounting scandals in the early 2000s that led to investors losing billions of dollars, the US government passed the Sarbanes-Oxley Act of 2002. Commonly referred to as SOX, the bill established and expanded financial and auditing requirements for publicly traded companies in order to protect investors and the public from fraudulent accounting practices.


Protecting your crypto wallet from hackers, thieves and bots

Over the past five years, blockchain technology has gone mainstream. More and more investors, businesses and opportunistic hobbyists are filling their cryptocurrency wallets with crypto assets like Bitcoin and Ethereum. In fact, the global user base of all cryptocurrencies increased by an estimated 190 percent between 2018 and 2020. There is undoubtedly money to be made, ushering newcomers into the world of blockchain.


Remote learning: A bounty for online cyberattackers

On 26 April 2020, 189 countries across Asia, Europe, the Middle East, North America, and South America shut down schools marking one of the largest mass school closures in history. But today, more than a year since COVID-19 forced entire cohorts online, economies continue to flit in and out of lockdowns and schools are continuing to resort to remote or hybrid-learning arrangements.


A Pie Chart of the Biggest Data Breaches [Revised for 2021]

Below is a pie chart representing the percentage contribution of each data breach victim to the 57 largest data breaches of all time. CAM4 covers the majority of the pie, accounting for almost 50% of all compromised records. If the CAM4 breach is disregarded, the impacts of the other breaches can be better appreciated. The pie chart below represents this updated distribution. Now, it becomes clearer that LinkedIn accounts for the majority of compromised social media records.


Securing IoMT devices to protect the future of Healthcare from rising attacks

The number of cybersecurity incidents reported within the healthcare industry has been steadily increasing since 2015 as the use of IoMT has become more widespread. With increasing numbers of IoMT devices being used for patient care, the attack surface among hospitals and doctors’ offices has grown dramatically as medical technology continues to expand.

Synopsys | Software security can unleash business potential

In any business today there comes a moment. The moment you realize… You can secure the code as fast as you write it. Instead of testing everything, you could just test the right things. It’s not about tools but intelligent risk management. That’s the moment you choose Synopsys. Build secure, high quality software faster.

Industry Experts Weigh In: Addressing Digital Native Security Challenges

Keeping up with today’s rapidly evolving threat landscape is an ongoing journey for software development enterprises in cloud-native environments, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery in cloud native environments. Earlier this summer WhiteSource hosted a roundtable discussion with HackerOne, AWS, and IGT about the new security challenges enterprises face as they shift to a digital native environment.


How to Build a Startup Security Team: Advice from Security Experts

With the rise of security threats comes an increased need for strong security measures, but it’s hard to know where to invest your time and money, especially if you’re a small startup. Who should own security when you first get started? Is it worth it to hire a Chief Security Officer (CSO) right away? Is it better to build out an internal security team or hire an external agency instead?


"Security First" for the Win at Bluescape

Technology providers are feeling heavy pressure to provide the best user experience, the most intuitive UI, and are racing to release better and better versions of their offerings. But organizations are often pushing to release these improvements at the expense of ensuring the software they’re releasing is secure and free from vulnerabilities.


Speed up container fixes with Snyk's new automated parent image detection

Shipping your apps in containers gives you the freedom to build upon the work of others. You can pick from a variety of ready-to-use container images that will run nearly any code or framework you have. Snyk Container already helps users manage their parent images and provide guidance when there are better options available — images with few vulnerabilities, or a smaller footprint overall, or both.


New Phishing Attacks Exploiting OAuth Authentication Flows (Part 3)

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant. In Part 2 of this series, we described how a phishing attack could be carried out by exploiting the device authorization grant flow.


Establish robust threat intelligence with Elastic Security

As a powerful search engine, Elasticsearch provides various ways to collect and enrich data with threat intel feeds, while the Elastic Security detection engine helps security analysts to detect alerts with threat indicator matching. In this blog post, we’ll provide an introduction to threat intelligence and demonstrate how Elastic Security can help organizations establish robust cyber threat intelligence (CTI) capabilities.


How Pipeline Owners and Operators Can Fulfill the TSA's Second Security Directive

Back in June, I wrote about the Transportation Security Agency’s (TSA) new security directive concerning pipeline owners and operators. The order mandated those entities to disclose security incidents such as the ransomware attack that affected the Colonial Pipeline Company back in May to the TSA and the Cybersecurity & Infrastructure Security Agency (CISA).


Netskope Threat Coverage: LockBit

LockBit Ransomware(a.k.a. ABCD) is yet another ransomware group operating in the RaaS(Ransomware-as-a-Service) model, following the same architecture as other major threat groups, like REvil. This threat emerged in September 2019 and is still being improved by its creators. In June 2021, the LockBit group announced the release of LockBit 2.0, which included a new website hosted on the deep web, as well as a new feature to encrypt Windows domains using group policy.


SECUDE's HALOCORE takes Data Security to the next level with added new features

LUCERNE, AUGUST 2021 : SECUDE , an SAP partner and leading data security provider specializing in security for SAP® software, today announced that its flagship product HALOCORE® has been upgraded to the next version 6.1 with added new features. As cust omers look forward to streamlining their data security during this global crisis, these new f eatures provide robust security , resilience, and privacy controls.


Why social graphs won't save you from account takeover attacks

Account takeover (ATO) is a dangerous form of business email compromise (BEC). Attackers gain access to a legitimate email account within an organisation, often by stealing credentials through spear phishing. They’ll then send emails from the compromised account with the goal of getting a fraudulent payment authorised or accessing sensitive data to exfiltrate.

SecureAPlus - 12 Antivirus Engines in One Application

SecureAPlus is a PC security solution that’s guaranteed to protect you from all of today’s digital threats, such as malware and viruses. Not a traditional Anti-Virus: The powerful Application Whitelisting technology ensures that only applications that you trust are run by your computer. All malicious attacks that slip by unwary users are always detected and initially blocked. It puts you, not anyone else, in control.

Key Insights into Gartner Hype Cycle for Application Security 2021

Gartner Hype Cycle started as a graphical representation method to represent the adoption, evolution, and maturity of new emerging technologies. Over time, it has now transformed into a highly potent and reliable powerhouse of smart insights into how emerging technologies will evolve in the future.


Game on- Cybersecurity for Sports and Entertainment: Are you ready with the right offense and defense?

As operations at sports stadiums become more dependent on data centers and online networks, and as the performance metrics and health data of athletes become more vulnerable to illicit exposure or alteration, the $80 billion industry of competitive sports has become increasingly vulnerable to cyberattacks. As a business they are generating big money and big data, both of which are perfect for hackers.


6 Examples of Essential Cybersecurity Policies for Businesses

Every year, more than 34 percent of organizations worldwide are affected by insider threats. For that reason, cybersecurity needs to be a priority and concern for each employee within an organization, not only the upper-level management team and IT professionals. Employees tend to be the weakest link in an organization’s security posture, often clicking on malicious links and attachments unintentionally, sharing passwords, or neglecting to encrypt sensitive files.


How to Use Nmap

If you’re looking for a free network discovery tool, you’ve probably heard of Nmap. Nmap, short for Network Mapper, is a multi-purpose tool commonly used for penetration testing to give you a granular view of your network’s security. Its capabilities extend to collecting information and enumeration and detect vulnerabilities and security loopholes.

WhiteSource - Prevent the preventable. Remediate the rest

WhiteSource helps organizations accelerate‌ the development of secure software ‌at‌ ‌scale‌. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams.

Snyk named #39 on 2021 Forbes Cloud 100 list

We’re honored to share that, for the second consecutive year, Snyk has been named to the prestigious Forbes Cloud 100 List, coming in at #39! The full list, unveiled yesterday, is Forbes’ “definitive ranking of the best, brightest, and most valuable private companies in the cloud.” We’re up 47 spots from our ranking last year — a testament to our incredible team, growth, and maturation as a company in 2021 thus far. And it’s only August!


Use Snyk security policies to prioritize fixes more efficiently

Snyk security policies just got a whole lot more powerful with a new action and two new conditions, helping your development and security teams assess risk and focus resources more efficiently. For developers, the less “noise” the better. Tasked with fixing issues that are simply not important or relevant is a waste of valuable development time and will likely result in creating frustration and mistrust.


IOC's identified to hunt Conti Ransomware

Believed active since mid-2020, Conti is a big game hunter ransomware threat operated by a threat group identified as Wizard Spider and offer to affiliates as a ransomware-as-a-service (RaaS) offering. Following the lead of other big game hunter ransomware groups, Conti adopted the double extortion tactic, also known as 'steal, encrypt and leak', in order to apply additional pressure on victims to pay their ransom demands and avoid sensitive or confidential data being exposed.


Authorize better: Istio traffic policies with OPA & Styra DAS

Cloud native tooling for authorization is an emerging trend poised to revolutionize how we approach this oft-neglected part of our applications. Open Policy Agent (OPA) is the leading contender to become a de-facto standard for applying policies to many different systems — from workloads running on Kubernetes to requests passing through Istio.


The Identity Brief: A Conversation with an Ethical Hacker

Our first two guests on the Identity Brief Podcast came to identity through unconventional means. Ori Eisen saw digital identity and passwordless authentication as a way to fight the fraud he had witnessed while working at a large bank. Ari Jacoby realized that contextual identity and authentication data was a powerful tool to fight fraud at Deduce where he saw bots and fraudsters trying to gain an advantage.


SIEM Tools: Which Vendors Should Be on Your List?

Whether your organization is ready to deploy its first security information and event management (SIEM) solution or you’re looking to upgrade to a modern, next-gen cloud-native SIEM, the number and types of tools available in the market can be overwhelming. This post will help you choose the right vendor and best SIEM tools for your business needs.


Why the Evolution of Zero Trust Must Begin with Data Protection

The need for “Zero Trust” today is no longer the same as what we talked about years ago when the term was first coined. Back then, businesses only had a handful of remote workers signing in to the corporate network. The common wisdom of the day dictated that you couldn’t implicitly trust the authentication of those remote users any longer because they weren’t on the company LAN and the common solution was installing two-factor authentication.