September 2021


Introduction to SAST

DevSecOps means countering threats at every stage of creating a software product, and that is impossible without securing the source code. In this article, I would like to talk about Static Application Security Testing (SAST). As development velocity grows every year, many companies are introducing DevSecOps. Its central message is continuous security control at every stage of product creation, with the DevSecOps processes automated as far as possible.

Devo Content Stream

Devo Content Stream arms security analysts with actionable content including curated alerts and threat intelligence to defend the organization more effectively against rapidly evolving threats. Content Stream not only delivers immediate out-of-the-box value to Security Operations, but it also updates alerts and threat intelligence on an ongoing basis to improve the speed and effectiveness of your security team.

Secret backdoor allegedly lets the REvil ransomware gang scam its own affiliates

REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, operating a ransomware-as-a-service (RaaS) business model that sees it share its profits with affiliates who break into networks and negotiate with victims on the group’s behalf.


"Chain"ging the Game - how runtime makes your supply chain even more secure

There is a lot of information out there (and growing) on software supply chain security. It covers the basics around source and build, but does it cover your full software supply chain lifecycle? Is your build environment protected at runtime? Is your application protected at runtime after it is deployed? This article will not only discuss what these concepts are, but provide additional discussion around the following: Read on brave reader…


Fostering DevSecOps: Tool orchestration enables AppSec to keep pace with DevOps

Learn how tool orchestration empowers AppSec to keep pace with DevOps, providing a union of security and speed. Many organizations have advanced from the DevOps methodology to DevSecOps, and it is expected this trend will continue throughout 2020 as more enterprises leverage the cloud. A DevSecOps approach promotes collaboration between software application development teams and application security teams.


Netskope Selected to Participate in ATARC Zero Trust Lab

We are pleased to share that Netskope has been selected by the Advanced Technology Academic Research Center (ATARC) as one of 49 vendors to participate in its Zero Trust Lab. The Zero Trust Lab is a state-of-the-art physical and virtual test environment that will provide federal agencies with the opportunity to build, test, and evaluate new Zero Trust Architectures in a simulated environment.


Investigating GSuite Phishing Attacks with Splunk

Malicious actors are constantly finding new ways to deliver their malicious payloads. As businesses have migrated to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as command and control infrastructure, since many enterprises trust them by default.


Using Zero Trust to Mitigate Supply Chain Risks

Software supply chain attacks have been on the rise lately. With the current pervasiveness of third-party and open source libraries, which presumably developers cannot control as strongly as the code they create, vulnerabilities in these software dependencies are causing serious security risks to applications. Supply chain attacks abuse the inherent trust that users have with a software provider.


Introducing Egnyte's Monthly Release Rollups

We’re kicking off a new series that will roll up our most recent product releases you need to know, all in one place. This first post will summarize some of the releases from the last few months. Moving forward, expect to see a post each month. We’re excited to share all the new features and product improvements we’ve been working on with you, so you can make the most of the Egnyte platform.


Supply Chain Security, Compliance, and Privacy For Cloud-Native Ecosystems

Think of the software supply chain as every software element in your organization—from software development of internal systems to open source or third-party enterprise software to vendors, partners, and even past suppliers who still hold access to company data or IT systems. Attacks on this software supply chain can damage individual departments, organizations, or entire industries by targeting and attacking insecure elements of your software fabric.


A kernel of truth: Linux isn't as foolproof as we may have thought

A world without Linux is hard to imagine. Every Google search we run is served by Linux-based servers. Behind the Kindle we enjoy reading and the social media sites we scroll through every day sits the Linux kernel. Would you believe your ears if I told you that the world’s top 500 supercomputers run on Linux? No wonder Linux has permeated every aspect of the digital age, not to mention its steadily growing enterprise user base.


How to shift into a new approach to cybersecurity asset management

The effects of the global pandemic pushed organizations to accelerate their digital transformation strategies. Because of this, companies in all industries were faced with an array of new technologies like cloud and containers that support the shift to edge computing and remote workers. With so much focus on these factors, companies often overlook some of the repercussions that come along with such rapid innovations. One of which is the need for a new approach to asset visibility.


Slack Security: FERPA and HIPAA Compliance

During the pandemic, healthcare and education providers scrambled to adapt to providing services remotely, using tools like Slack, Google Drive, and Zoom to continue connecting with patients and students. McKinsey tracked a spike in the use of telehealth solutions in April 2020 that was 78 times higher than in February 2020. And, by some estimates, more than 1.2 billion children worldwide were impacted by school closures due to the pandemic — some of whom were able to learn remotely.


What The Worst Attacks Of 2021 Can Teach Us On The Future Of Ransomware

Despite the steady drumbeat of hacks that are reported on a nearly weekly basis, it is safe to say that cybersecurity is still far from a “top of mind issue” for most people. Massive data breaches like Equifax, Marriott, and many, many more are chalked up to being yet another part of the modern life. While each of those cybersecurity incidents was quite serious in its own right, for the public whose data were compromised, they represented more of an inconvenience than a serious concern.


Encryption and authentication don't need to be painful! Here's how.

I had the pleasure of being at an in-person event recently. Aside from the joy it brought me to simply see people for the three-dimensional beings they are, it was of course incredible to connect with the Information Security community once more. Interestingly, a topic came up in quite a few of my conversations with fellow delegates. And it was one that I wasn’t expecting: encryption. It was often amiable, but on a couple of occasions eyes would roll.


Styra Declarative Authorization Service Expands Service Mesh Use Case

We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.


The Top 6 Cybersecurity Challenges in the Healthcare Industry

The healthcare industry has always been an appealing target for cybercriminals. From high-value patient data to a low tolerance for downtime that could disrupt patient care, cybercriminals continue to find ways to take advantage of healthcare cybersecurity practices. In recent years, the healthcare industry has seen a 55% increase in cybersecurity threats, turning attacks on healthcare providers into a $13.2 billion industry and making it a gold mine for cybercriminals.

Getting Started with Snyk Inside Atlassian Bitbucket Cloud

In this video, Marco Morales at Snyk shows first time users how to get started with the Atlassian Bitbucket Cloud integration with Snyk. Snyk lets you test your open source software dependencies and container images. With the new Snyk and Bitbucket Cloud integration, you can see details of security issues right within Bitbucket. Once you enable it, Snyk automatically checks your code and its dependencies and alerts you to vulnerabilities that are present so you can fix them before you deploy.

Process Hunting with a Process

Quite often you are in the middle of a security incident or just combing through your data looking for signs of malicious activity, and you will want to trace the activity or relationships of a particular process. This can be a very time-consuming and frustrating task if you try to brute force things (copying/pasting parent and child process IDs over and over again). And in the heat of battle, you may miss one item that could have led you to something interesting.
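The tracing described above is easier when the process events are indexed once and the tree is walked programmatically in both directions. The following is an added example, not code from the original post or from any product: it builds a parent/child index from constructed endpoint telemetry (the field names and the Office-to-script-host hunt are assumptions, not a specific vendor's schema) and answers the questions an analyst asks in an incident: what spawned this, what did it spawn, and which processes match a suspicious lineage.

```python
"""Process-tree hunting over constructed endpoint telemetry.

Added example (not from the original post). Instead of copying parent and
child PIDs by hand, index the events once and walk the tree in both
directions. The records below are constructed sample data and the field
names (pid, ppid, image, cmdline) are assumptions, not a product schema.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample: an Office document spawning a script host that
# launches an encoded PowerShell downloader. PIDs are arbitrary.
SAMPLE_EVENTS = [
    ProcEvent(1, 0, "explorer.exe", "explorer.exe"),
    ProcEvent(400, 1, "WINWORD.EXE", "WINWORD.EXE /n invoice.docm"),
    ProcEvent(412, 400, "wscript.exe", "wscript.exe //B stage.js"),
    ProcEvent(420, 412, "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA..."),
    ProcEvent(431, 420, "rundll32.exe", "rundll32.exe payload.dll,Start"),
    ProcEvent(500, 1, "chrome.exe", "chrome.exe"),
    ProcEvent(510, 500, "chrome.exe", "chrome.exe --type=renderer"),
]

OFFICE_APPS: FrozenSet[str] = frozenset({"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"})
SCRIPT_HOSTS: FrozenSet[str] = frozenset(
    {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"})


class ProcessTree:
    def __init__(self, events):
        self.by_pid: Dict[int, ProcEvent] = {}
        self.children: Dict[int, List[int]] = defaultdict(list)
        for ev in events:
            self.by_pid[ev.pid] = ev
            self.children[ev.ppid].append(ev.pid)

    def ancestors(self, pid: int) -> List[int]:
        """PIDs from the parent of pid up to the root (nearest first).
        Stops at an unknown parent or on a cycle (PID reuse in bad data)."""
        chain: List[int] = []
        seen = {pid}
        cur = self.by_pid.get(pid)
        while cur is not None and cur.ppid in self.by_pid and cur.ppid not in seen:
            chain.append(cur.ppid)
            seen.add(cur.ppid)
            cur = self.by_pid[cur.ppid]
        return chain

    def descendants(self, pid: int) -> List[int]:
        """Every PID below pid, depth first, in spawn order."""
        out: List[int] = []
        stack = list(reversed(self.children.get(pid, [])))
        while stack:
            p = stack.pop()
            out.append(p)
            stack.extend(reversed(self.children.get(p, [])))
        return out

    def lineage(self, pid: int) -> str:
        """Human-readable root -> pid chain of image names."""
        path = list(reversed(self.ancestors(pid))) + [pid]
        return " -> ".join(self.by_pid[p].image for p in path)


def hunt_office_to_script(tree: ProcessTree) -> List[int]:
    """PIDs of script hosts with an Office application anywhere in their
    ancestry, a classic maldoc execution chain."""
    hits = []
    for pid, ev in tree.by_pid.items():
        if ev.image.lower() not in SCRIPT_HOSTS:
            continue
        if any(tree.by_pid[a].image.upper() in OFFICE_APPS
               for a in tree.ancestors(pid)):
            hits.append(pid)
    return sorted(hits)


if __name__ == "__main__":
    tree = ProcessTree(SAMPLE_EVENTS)
    for pid in hunt_office_to_script(tree):
        print(pid, tree.lineage(pid))
```

Real telemetry must also carry process creation time and host, because PIDs are reused; key the index on (host, pid, start time) rather than the bare PID before using this against production data.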


XDR, What is it? Does everyone agree? What is Real Impact vs. Hype?

With so many overlapping and self-serving definitions of XDR (Extended Detection and Response), we thought we would provide a perspective from some of us on the front lines of trying to embrace technology innovation while filtering vendor marketing noise. We agree with several industry analysts covering the space that XDR is a vendor push with no real customer demand, but the problem spaces within XDR are of significant customer interest.


CISSP Exam Pattern Changes, May 2021

On May 1, 2021, ISC² implemented a refreshed set of objectives for the CISSP certification exam for security professionals in order to keep it relevant to the latest technologies and cybersecurity standards, requirements and processes. New information security concepts, terms and acronyms have been added and others are better covered.

Delivering Electrons, Generating Data Lakes, and the Security of an Industrial Organization | Ep 25

In this episode, Patrick Miller, Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they're collecting from their machines and customers, and why security and privacy needs to be incorporated in these operations by design.

CIS Control 6: Access Control Management

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization.


Considerations when choosing an XDR solution

Cybersecurity is a fast-moving space. In fact, it’s hard to think of a time that security has been moving more quickly. As we continue to move into the cloud, work from home, and otherwise continue the digital transformation of our businesses, additional capabilities are needed as new threats are discovered.


What is Cyber Incident Reporting for Critical Infrastructure Act of 2021?

On August 27, 2021, the US House Homeland Security Committee released a draft bill that would update the Homeland Security Act of 2002. This proposed bill seeks to establish a Cyber Incident Review Office and publish an interim rule that would outline procedures for reporting cybersecurity incidents.


7 Best Practices to Prevent Data Theft by Departing Employees

Departing employees are a source of insider threats that often get overlooked. According to a study by Biscom, one in four departing employees steal data when leaving. Whether they do so out of negligence or with malicious intent, such cases can only have negative outcomes for organizations, from losing their competitive advantage to facing penalties for non-compliance with cybersecurity requirements.

Are Bots Threatening Travel in 2021? | On-demand Webinar

The last 12 months have seen the travel industry shut down almost completely as borders were closed, and the global population was brought to a standstill, locked in their own homes. As the industry looks to reopen over the coming months, cybersecurity must be a high priority in the hospitality and travel industry, as bots look to disrupt hotel bookings, staycations and international travel.

The biggest threats to your brand in 2021

Last year saw an unprecedented scale of cyber-attacks and data breaches facilitated and accelerated by Covid-19, from scalper bots targeting the PS5 launch to Twitter’s high-profile hack in July. Cybercriminals are upping the ante to capitalise on increased online activity, and automated technology is set to play a huge part in the defence against bot attacks in 2021.

The rising bot threat to media, marketplaces and video gaming

Over recent years, botnet attacks have hit platforms hard with their mass destruction approach to cyber-attacks. However, the tide has turned, and automated bot technology now makes targeted attacks infinitely quicker and simpler to carry out, exposing online gaming and streaming businesses to greater threats. The challenge lies in accurately identifying these highly targeted automated bot attacks that are designed to hide in plain sight, masquerading as genuine users, before they can carry out malicious activity such as credential stuffing, fake account creation and scraping.

Are APIs the Gateway for Credential Stuffing Attacks?

FinTechs have emerged as the digital-first answer to transforming the banking industry. Legislation such as the EU’s PSD2 and the UK’s Open Banking have cemented their place in the financial services environment, while removing much of the red tape that surrounds financial services to encourage collaboration and ensure security by design. Much of this collaboration is facilitated by open APIs, but what do we know about the API layer and security vulnerabilities that threaten your FinTech when it is exposed?

Who is responsible for bot management | Webinar series part-3

At Netacea, we wanted to know just how aware businesses are of bots and if they fully understand the threat to their organisation. Which roles are responsible, how confident are they in their bot mitigation strategies, and how well-placed is this confidence? We surveyed 200 enterprise businesses across travel, entertainment (including online gaming and streaming), e-commerce and financial services to get a broad picture of how bots are understood and protected against.

The State of Bot Attacks in 2020 | Bot Management Review Series Part 1

In 2020, the poor security of other businesses is very much your problem. While you might be protecting your customers’ credentials with the best possible security, lax measures elsewhere mean those very same credentials are readily accessible for purchase. Increasingly sophisticated bots are used to validate the millions of stolen credentials against login forms. And yet, these bots are no longer only targeting high-value goods and accounts but hijacking and selling streaming and food delivery accounts.

The Four Industries Most Vulnerable to Bot Attacks

At Netacea, we wanted to know just how aware businesses are of bots and if they fully understand the threat to their businesses. Which roles are responsible, how confident are they in their bot mitigation strategies, and how well-placed is this confidence? We surveyed 200 enterprise businesses across travel, entertainment (including online gaming and streaming), e-commerce and financial services to get a broad picture of how bots are understood and protected against.

Building Better Use Cases for Your SIEM

Deploying a next-gen cloud-native security information and event management (SIEM) in your security operations center (SOC) is a big step in the right direction toward significantly improving your organization’s security capabilities. But once you have that state-of-the-art SIEM in your SOC, how do you get the most out of it? One key step is building and executing specific SIEM use cases designed to meet the particular needs of your organization.


The Open Policy Agent SDK Overview

Authorization is a critical part of developing any application. When building an app, at some point you will want to control the data and views that a user or system has access to, and one way you can do that is by writing authorization directly into your app. However, over time this can be challenging to manage because when you make changes to your authorization policies you also need to make changes to the application.


Learn How to Detect and Manage External Exposure Risks

The escalation of cyberattacks since early 2020 is requiring many companies to strengthen their security operations. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.


Managed Service Providers (MSPs) - What They Are and Why Organizations Go with Them

The skills gap continues to challenge organizations’ ability to fulfill their evolving cybersecurity requirements. Tripwire confirmed this back in 2020 when it partnered with Dimensional Research to survey 342 security professionals. Indeed, 83% of respondents told Tripwire that they felt more overworked going into 2020 than they did a year earlier.


So You Want to Become a Sales Engineer?

Those of us that work with technology get this question a lot: “What do you do?” “I work in technology — more specifically, I work as a pre-sales engineer.” Sound familiar? Working in IT can mean a lot of different things, and to those outside of this world, it quickly becomes deeply technical and complicated to explain to non-IT people. Even explaining what you do to IT people can become complicated.


The Implications of Big Tech's Meeting With Biden

It’s no secret that cybersecurity breaches are a major concern for businesses across all industries, and governments are starting to take notice. On August 25, 2021, the U.S government met with business leaders from some of the tech sector’s giants, including Microsoft, IBM, Apple, and Google. The purpose of this meeting was to address the ongoing cybersecurity issues becoming more prevalent as technology advances and becomes more intuitive and accessible.


DLP Can Be So Much More Than Compliance

When you think about your DLP approach, what immediately comes to mind? Is it primarily centered around compliance? Is it simply using vendor-provided patterns of interest to satisfy an industry-specific framework like PCI DSS, a regulation like GDPR, or generic PII detection? Chances are, this probably describes at least some part of your DLP strategy because it is not difficult to set up and can satisfy a key business requirement of regulatory compliance reporting.

View Dynamic Analysis Results

In this video, you will learn how to view Dynamic Analysis results. Veracode Dynamic Analysis is a Dynamic Application Security Testing (DAST) solution that delivers an automated and scalable dynamic scanning capability that enables broad coverage at speed. Because security threats are always evolving, organizations need a product that enables them to start scanning quickly and scale when the security programs and coverage increase.

Ransomware as a Service (RaaS) & Its Implications in 2021

2021 has witnessed a surge of ransomware attacks. Also, the attackers are targeting businesses that are critical to the public infrastructure, such as oil pipelines and international meat producers. Further, the demands for ransom have increased and the cost of clean-up has also doubled over the last year. There are two major reasons for this sudden spike in ransomware attacks: Like SaaS, RaaS also has a flexible business approach.


What is LDAP Server? How does it work?

The Lightweight Directory Access Protocol (LDAP) is a cross-platform vendor-neutral software protocol used for directory service authentication. For simplicity, imagine the LDAP server as a comprehensive virtual phone book. The phone book gives access to an extensive directory of contact information for hundreds of people. Using LDAP, it is easy to search through the phone book and find whatever information is needed.
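The "search through the phone book" the article describes is an LDAP search filter, and when any part of that filter comes from a user (a login name, a directory search box) it must be escaped or the user can change the filter's structure. The following is an added example, not from the original article: an RFC 4515 escape routine, a vulnerable filter builder beside a hardened one, and a structural check that shows the difference. No directory server is contacted; the filter strings are built and inspected locally. Real client libraries ship an equivalent escape function (python-ldap's ldap.filter.escape_filter_chars, for instance), which should be preferred over a hand-rolled one in production.

```python
"""LDAP search filter construction with RFC 4515 escaping.

Added example, not from the original article. Shows why a user-supplied
assertion value must be escaped before it is placed in a search filter.
"""
import re
from typing import List

# RFC 4515 section 3: these characters inside an assertion value are
# written as a backslash followed by two hex digits.
_ESCAPE = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value inside a filter."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def unsafe_user_filter(username: str) -> str:
    """Vulnerable: raw interpolation lets the value rewrite the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_user_filter(username: str) -> str:
    """Hardened: the value can only ever be matched as literal text."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def assertion_attributes(filt: str) -> List[str]:
    """Attribute names of the assertions the server would evaluate.

    An assertion starts with an unescaped '(' followed by an attribute
    name and '='. Escaped '\\28' sequences are not parentheses, so they do
    not start an assertion. If user input adds entries to this list, it
    has changed the meaning of the query (LDAP injection)."""
    return re.findall(r"\(([^=()&|!]+)=", filt)


if __name__ == "__main__":
    # Constructed malicious login name: closes the uid assertion and ORs
    # in a wildcard so the filter matches every person entry.
    injected = "*)(uid=*))(|(uid=*"
    print("unsafe:", unsafe_user_filter(injected))
    print("  evaluates:", assertion_attributes(unsafe_user_filter(injected)))
    print("safe:  ", safe_user_filter(injected))
    print("  evaluates:", assertion_attributes(safe_user_filter(injected)))
```

Escaping the value is the right fix; rejecting "dangerous characters" is not, because a surname such as O'Brien or an entry containing parentheses is legitimate and the escaped form still matches it exactly.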


Secure DevOps on Google Cloud: Reduce cloud and container risk

Google Cloud is helping businesses build and deploy apps faster than ever before, but at the same time, cloud teams must consider how to implement secure DevOps practices to avoid risk. We’re partnering with Google Cloud to provide security solutions to cloud teams to simplify safeguarding cloud and containers. Today, we announced our collaboration with Google Cloud.


How to meet 24 Google Cloud Platform (GCP) security best practices using open source Cloud Custodian and Falco

You’ve got a problem to solve and turned to Google Cloud Platform to build and host your solution. You create your account and are all set to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except… you aren’t. There are many knobs you must tweak and practices to put into action if you want your solution to be operative, secure, reliable, performant, and cost effective.


Protect your privacy with 1Password and Fastmail

Last year, we made it easier to make secure payments online through direct integration with Privacy. Now, we’re doing the same for email. Announcing Masked Email – a 1Password and Fastmail integration. Create new, unique email addresses without ever leaving the sign-up page. Keep your real email address private from the apps or services that you sign up for – using a masked email address can protect you from breaches, and puts control of your inbox back in your hands.


Gartner recognizes ManageEngine in its 2021 Magic Quadrant for Unified Endpoint Management Tools

The COVID-19 pandemic fast-tracked the adoption of hybrid workforce in organizations, bringing with it a slew of problems for IT teams. Organizations had to enable a majority of their employees to work remotely, without affecting their productivity and while ensuring the security of the corporate resources. ManageEngine recently conducted a survey of IT professionals to understand the effects of remote work on cloud adoption.


A Guide to Cloud Data Security Best Practices

Cloud computing has revolutionized the business and technological landscape of the last decade. More organizations are turning to cloud services to better manage massive volumes of both structured and unstructured data on a daily basis. As organizations move more and more information and applications to the cloud, there are growing concerns for data security and regulatory compliance.


Python security best practices cheat sheet

In 2019, Snyk released its first Python cheat sheet. Since then, many aspects of Python security have changed. Using our learnings as a developer security company — as well as Python-specific best practices — we compiled this updated cheat sheet to make sure you keep your Python code secure. And before going any further, I need to give special thanks to Chibo and Daniel for their help with this cheat sheet!


Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise

What was once the thing of spy movies and industrial espionage news headlines is now, sadly, a common occurrence for public organizations and private enterprises around the globe. Insiders… employees, consultants, partners… have emerged as one of the most immediate and serious threats facing IT and cyber security teams and practitioners today. It is not however because every insider has turned malicious.

Splunk SOAR Feature Video: Case Management

Case management functionality is built into Splunk SOAR. Using workbooks, you can codify your standard operating procedures into reusable templates. Splunk SOAR supports custom and industry standard workbooks such as the NIST-800 template for incident response. You can divide tasks into phases, assign tasks to team members, and document your work.

Splunk SOAR Feature Overview: Custom Functions

Splunk SOAR’s custom functions allow you to share custom code across playbooks while introducing complex data objects into the execution path. These aren’t just out-of-the-box playbooks, but out-of-the-box custom blocks that save you time and effort. These capabilities provide the building blocks for scaling your automation, even to those without coding capabilities.

The Importance of Cybersecurity Standards and Certifications for SMBs

In today’s world with cyber attacks hitting the headlines daily, cybersecurity is at the forefront of many business owners’ minds, but implementing the right solutions and knowing what to do to reduce your risk is a big challenge for decision makers in these organizations. The task is even harder for small- to medium-sized businesses (SMBs) that tend to lack the extensive budgets and resources needed for implementing the most effective and sophisticated cybersecurity solutions on the market.


Recap: Virtual Boston Globe Summit

Veracode CEO Sam King had the opportunity to speak at this year’s inaugural virtual Boston Globe Summit, “The Great Recovery.” Sam was invited to join the panel, How Boston is Tackling the Biggest Cyber Threats Facing Society, moderated by Gregory T. Huang, Business Editor at the Boston Globe, with guests Greg Dracon of .406 Ventures and Christopher Ahlberg of Recorded Future.


3 Takeaways From the 2021 Egnyte for Life Sciences Summit

The 2021 Egnyte for Life Sciences Summit is in the books, and it was a big success. Biotech visionaries and industry analysts came together to outline the future of the life sciences as we emerge from the pandemic constraints and look to ramp up to our new normal. We presented over four hours of content, with hundreds of life science organizations attending.

Forward Networks

An "easy button" for blast radius identification and threat remediation

When your organization is inevitably hit by a cyberattack, you want your security operations engineers to move lightning fast to identify the scope, duration, and impact of the attack, contain the disruption and prevent any costly or lasting damage. To do that, they need access to actionable information about everything that’s in your network — where devices are located, how they interact, and all the relevant details about their configuration and state.


95% of MSPs acknowledge that using different interfaces to manage cybersecurity reduces productivity

Managing customer security is always a challenge for MSPs as they seek to balance efficiency, cost, and high levels of protection. In this area, security managers are faced with the choice of using a single interface or switching between different solutions.


Databases, a hot spot for data leakage

With businesses becoming ever more data-driven and data-reliant, databases have become their default digital asset storehouse, providing immense benefits of organisation, retrievability, and analytical insight. Covid-19 and the move to remote or hybrid work have only intensified the demand for databases, particularly those distributed through cloud technology. But that concentration of information, however convenient, makes databases a singular target for attacks and a primary security concern.

Cybersecurity for SMEs - applying a Data-centric lens

For an SME, a data breach, or loss, is life or death. Large enterprises can invest in data security solutions before a cyberattack happens and spend the money afterward on ransoms, penalties, and fines. While the number of small businesses facing data breaches continues to rise, a majority of SME owners do not believe they will fall victim to a cyberattack. This mismatch in reality and perception is exposing the most vulnerable of us to unnecessary risk.

Shame and Cybersecurity: Creating a Safe Space in Your Organization

“Say ‘Ta,’” said Mamma Bear. “Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident. “What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!” Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face was angry, disappointed. He was panicking about some purple stuff on the carpet.

outpost 24

OWASP Top 10 2021 is out - what's new and changed

It doesn’t seem that long ago that I wrote about the OWASP Top 10 changes that came in 2017. OWASP has announced the release of the new 2021 Top 10. Find out more about the Broken Access Control and Cryptographic Failures categories and understand what they mean for application development and DevSecOps.
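The two categories named above head the 2021 list: Broken Access Control (A01:2021) and Cryptographic Failures (A02:2021). The following is an added example, not code from the original post or from OWASP: each category is shown as a vulnerable function beside its hardened form, using a constructed in-memory invoice store and constructed user names.

```python
"""A01:2021 Broken Access Control and A02:2021 Cryptographic Failures,
each as a vulnerable function beside a hardened one.

Added example; not part of the original post or of OWASP's material.
The invoice store and user names are constructed sample data.
"""
import hashlib
import hmac
import os

# Constructed data: invoices keyed by id, each owned by one account.
INVOICES = {
    101: {"owner": "alice", "amount": 120.00},
    102: {"owner": "bob", "amount": 88.50},
}


class Forbidden(Exception):
    pass


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> dict:
    """A01: the id comes straight from the request and is looked up as-is.
    Any authenticated user can read any invoice (an insecure direct
    object reference)."""
    return INVOICES[invoice_id]


def get_invoice(current_user: str, invoice_id: int) -> dict:
    """Hardened: object-level authorization enforced server-side, failing
    closed. Lookup and ownership check live together so a new caller
    cannot forget the check."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv["owner"] != current_user:
        # Same outcome for "does not exist" and "not yours", so the
        # endpoint does not confirm which ids exist.
        raise Forbidden("invoice not accessible")
    return inv


def hash_password_vulnerable(password: str) -> str:
    """A02: unsalted fast hash. Equal passwords produce equal hashes and
    GPU brute force or precomputed tables recover them quickly."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, *, iterations: int = 600_000) -> str:
    """Hardened: random per-user salt and a deliberately slow KDF. The
    parameters are stored with the hash so they can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("bob reads alice's invoice (vulnerable):",
          get_invoice_vulnerable("bob", 101))
    try:
        get_invoice("bob", 101)
    except Forbidden as e:
        print("bob reads alice's invoice (hardened):", e)
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
```

The access control fix is the important one: it cannot be retrofitted at the framework level the way a password hasher can, because only the application knows who is allowed to see which object.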


Meet a Hacker Hero - Eva Galperin

When we asked the security community who is their hacker hero, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Most known for her work to track down APTs, she also champions personal privacy and taking down stalkerware. Oh and she’s done a TED talk.


Weekly Cyber Security News 24/09/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Complex features require a little more care and understanding. If unsure, I would advise disabling them and looking at the documentation – that is, assuming such features have correct documentation!


The future of UK international data transfers

Following on from Brexit, the UK received a positive adequacy decision on its personal data security standards by the EU. Building on this, the UK’s Information Commissioner's Office (ICO) has opened a consultation period to introduce its new International Data Transfer Agreement (IDTA). The European Commission has also issued a draft update addressing the same thing. So what triggered this new work? It’s all in response to the work done by privacy activist Max Schrems.


The Board Portal for Insurance Companies

The pandemic has overwhelmed us with changes, including the changes in workplace setup. Insurance companies have started adopting various types of hybrid workplace setups to accommodate the needs of both customers and employees. However, it has been challenging for such companies to find the perfect solution that provides efficiency, security, and governance all in one platform. This article outlines the internal needs of the insurance companies and how one digital solution can address it all.


Nightfall for Google Drive, now with remediation

Nightfall has added remediation actions for Google Drive violations, so you can fix the issue automatically or with just a click. Nightfall for Google Drive is one of our most popular integrations, helping customers to discover and classify sensitive data across Google Drive. Once sensitive data violations are found to exist in Google Drive, you want to take steps to protect the data – because removing the risk is really the point, isn’t it?


How to mitigate kubelet's CVE-2021-25741: Symlink exchange can allow host filesystem access

CVE-2021-25741 is a vulnerability in Kubernetes that allows a user who can create pods to use subPath volume mounts to access files and directories outside the volume, including on the host filesystem. It was disclosed in September 2021 and affects kubelet, the node agent that runs on every Kubernetes node. In particular, CVE-2021-25741 affects kubelet in these Kubernetes versions.


What is an Attack Vector? A Deep Dive Into Security Exposures

In cybersecurity, an attack vector is a path by which an attacker gains unauthorized access to a network or system. These pathways are either unintentional, such as vulnerabilities in third-party software, or deliberately created by attackers, such as malicious software (malware). Cybercriminals primarily exploit attack vectors to advance extortion, the most popular form being the deployment of ransomware.


What are Web Shell Attacks? How to Protect Your Web Servers

During a web shell attack, an attacker uploads a malicious script into a web-accessible directory on the target server and then executes it from a web browser. After a successful web shell attack, attackers can gain access to sensitive resources, recruit the target system into a botnet, or create pathways for malware or ransomware deployment. If you have not implemented defenses against this threat, your systems are at high risk of exploitation.
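A web shell is just a script that turns request parameters into code or command execution, which is also what makes it detectable on disk. The scanner below is an added example, not code from the article: it scores PHP files against a handful of indicators (request data flowing into eval/system-style functions, eval of decoded payloads, dynamic function names taken from the request, long base64 blobs, suppressed error reporting). The indicator weights, the threshold and the three sample files are constructed for illustration; treat hits as leads for manual review, not verdicts.

```python
"""Heuristic web shell scanner for PHP sources (added example, not the article's code)."""
import os
import re

# Superglobals through which request data enters a script
INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b"

# (weight, description, pattern); weights are an assumption of this example
INDICATORS = [
    (5, "request data passed to code execution",
     re.compile(r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
                r"\s*\(.*" + INPUT, re.S)),
    (4, "eval of decoded payload",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.S)),
    (3, "dynamic function call from request data",
     re.compile(r"\$\w+\s*=\s*" + INPUT + r"\s*\[[^]]*\]\s*;.*\$\w+\s*\(", re.S)),
    (3, "preg_replace with /e modifier",
     re.compile(r"preg_replace\s*\(\s*['\"].*?/[a-z]*e[a-z]*['\"]", re.S)),
    (2, "long base64 blob",
     re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
    (2, "error reporting suppressed",
     re.compile(r"\berror_reporting\s*\(\s*0\s*\)|@?ini_set\s*\(\s*['\"]display_errors['\"]\s*,\s*['\"]?0")),
    (1, "file upload handling",
     re.compile(r"move_uploaded_file\s*\(")),
]
THRESHOLD = 5  # assumed cut-off; tune against your own code base


def score_source(text):
    """Return (score, [matched indicator descriptions]) for one file's contents."""
    hits = [(w, d) for w, d, rx in INDICATORS if rx.search(text)]
    return sum(w for w, _ in hits), [d for _, d in hits]


def is_suspicious(text):
    return score_source(text)[0] >= THRESHOLD


def scan_tree(root, exts=(".php", ".phtml", ".php5", ".inc")):
    """Walk a webroot and return [(path, score, descriptions)] at or above THRESHOLD."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            score, descs = score_source(text)
            if score >= THRESHOLD:
                findings.append((path, score, descs))
    return findings


# Constructed samples: a legitimate handler, a classic one-liner, an obfuscated shell
BENIGN = """<?php
$name = htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES);
echo "Hello, $name";
"""
ONE_LINER = "<?php @eval($_POST['cmd']); ?>"
OBFUSCATED = """<?php
error_reporting(0);
$f = $_REQUEST['f'];
$f(base64_decode($_REQUEST['a']));
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("one-liner", ONE_LINER), ("obfuscated", OBFUSCATED)):
        print(label, score_source(src))
```

Run `scan_tree("/var/www")` on a real webroot to get the path list; the first indicator is deliberately loose (it pairs an execution call with any later superglobal in the file), so expect to whitelist a few legitimate admin scripts.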


How to get the most from dark web monitoring

A robust dark web monitoring programme ensures organisations have the ability to keep track of hidden risks and prevent any data losses from escalating into major events. In this blog post, we outline how dark web monitoring works, how to maximise its value and what to look for in an outsourced dark web monitoring service.


Have scraper bots outstayed their welcome on real estate listing sites?

Real estate is just one of many industries that was forced to quickly adapt to an increasingly online-first world in the wake of the COVID-19 pandemic. Virtual viewings are now the norm, and real estate businesses are scrambling to keep up with how their competitors have changed approach. When looking for a property to buy or rent, we are now likely to search online and look through online listings in the first instance.

AppSec Decoded: Cyber security measures for technology buyers and suppliers | Synopsys

In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, to learn what proactive steps both technology suppliers and buyers should consider in the wake of the new E.O.

Network traffic analysis using Wireshark

Network traffic analysis is a routine task for many roles: network administrators, network defenders, incident responders and others. Wireshark plays a vital role in traffic analysis; it comes pre-installed in many Linux distributions, for instance Kali, and is otherwise available from the official website. This article covers traffic analysis of the most common network protocols, for example ICMP, ARP, HTTPS and TCP.


A day in the life of our penetration testers

Our team of penetration testers arguably have the most interesting and exciting roles within the business, or perhaps, in the world. From robbing banks to breaking and entering, pen testing isn’t your typical desk job. So we’ve asked them to share some of their most interesting stories to really give you career envy! Let’s see what we can find out about a day in the life of a pen tester.


Application Security Testing Evolution and How a Software Bill of Materials Can Help

Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.


Where does cybersecurity fit in 2022 budget priorities?

As tech budgets start to return to a pre-pandemic state, it will be interesting to see where priorities have shifted to over the past year and a half – especially when it comes to cybersecurity. We’ve taken a look at a few major industry reports to give you an idea of shifting plans, and where cybersecurity sits as a priority in 2022 budgets.


US Government tells firms not to give in to ransomware demands

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks.


Snyk Container registry security integrations extended to GitHub, GitLab, Nexus, DigitalOcean, and more

We’re excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include Github Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.


A Real-World Look at AWS Best Practices: Logging

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.


The Identity Brief: Identity in the Real World

When we think of identity luminaries, we often think of people who have spent their careers building or designing digital identity technologies. But what about the people who take the technology out of the lab and make it work in the real world - where it matters most? These people solve real problems and create tremendous opportunities.


What is Zero Trust?

Zero Trust is a security model — a strategy for protecting an organization’s IT assets, including data, services and applications. The Zero Trust model is built upon research more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft. Zero Trust is a security architecture model that requires no implicit trust to be given in any quarter.


The 2021 OWASP Top 10

The Open Web Application Security Project (OWASP), founded by Mark Curphey, first released the OWASP Top 10 Web Application Security Risks in 2003. The Top 10 is the closest the development community has to a set of commandments on how to build secure applications. This list represents the most critical risks to software security today and is recognized by developers as the first step toward creating more secure code.


Steps to a Successful ISO 27001 Risk Assessment Procedure

ISO/IEC 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS). Implementing ISO 27001 enables organizations to better manage and secure their information assets, including intellectual property, financials, employee details, customer data, and information entrusted to them by third parties. Furthermore, by achieving certification, companies can demonstrate to customers and regulators that they manage their exposure to security incidents and data breaches.


Penetration Tests vs. Vulnerability Scans: What's the Difference?

A vulnerability scan identifies and reports points of weakness in your firewalls, software and web applications, servers, and other devices connected to your corporate IT systems. Vulnerability scanning is an integral part of a company’s vulnerability management process and overall security posture. There are two types of vulnerability scans: internal and external.


What To Do When Your Cloud System Crashes

Most organizations today rely on the cloud to store or manage at least some of their data and applications. If your business is considering (or already using) a cloud environment, it’s important that you know what to do if your cloud system crashes or experiences an outage. In this guide, we cover the basics of cloud computing and then outline some steps you can take in the event of a cloud crash or outage.


How to Assure Your Compliance Strategy Evolves Over Time

Compliance is a constant issue that affects businesses in multiple ways every day. Not only must your compliance program address individual acts of misconduct; the program must assure that your organization follows laws, rules, and regulations overtime — every day, day after day, in perpetuity.


Third-Party Risk Management Regulations Every Organization Should Know

Modern organizations operate in a complex business landscape. Increasingly, they rely on a plethora of third-party partners, vendors, and subcontractors to generate value, boost competitiveness, and strengthen their bottom line. And yet, these same third parties also create numerous risks that can disrupt the organization’s operations, affect its financial standing, and damage its reputation.


Data Risk Management in the Gig Economy

A huge swath of the U.S. workforce doesn’t actually hold a full-time job. As many as 40 percent of Americans work in the so-called “gig economy” — driving for ride-share services, selling handicrafts online, pet-sitting, managing a social media account for a local company, and so forth. Typically, a technology company (Uber, Etsy, Rover, AirBnB; the list is endless) matches those workers with customers who have a need.


Top 10 Risks Faced By the Manufacturing Industry

The global economy is more connected than ever, generating significant benefits for companies and industries operating worldwide. Nobody, however, is exempt from threats that drive supply chain and manufacturing risk. There is no doubt that the manufacturing industry is beset by numerous risks that affect the company and its human assets.


Application security testing is important-now can you quickly use the results?

Multiple AppSec tools lead to many results. Let Code Dx centralize your AppSec management to help you make sense of your data. Most organizations have more than one application—some large enterprises have hundreds or thousands of applications in development and production. Each application is constantly updated to fix security issues, improve performance, and meet new customer demands, and an essential part of the update process is to test the application for security issues.


Outbound email: Microsoft 365's security blind spot

Microsoft 365 is the world's go-to productivity platform - but its native security technology is limited in its ability to stop outbound email data breaches. Outbound email is the leading cause of data loss across all industries and native Microsoft 365 security features aren't intelligent enough to protect you from human-activated data loss.

ESG Research Finds SASE Adoption Has Accelerated, Multi-vendor Approaches are Preferred, and ZTNA Projects Are Leading the Way

Axis Security and industry analyst firm Enterprise Strategy Group (ESG) unveil new quantitative survey research of more than 600 cybersecurity, networking, and IT professionals in North America, the UK, France, and Germany who are focused on their organizations’ Secure Access Service Edge (SASE) initiatives.

Everything You Need to Know About Neo Bank Security

Of all the modern business ecosystems, the Fintech sector is one of the most volatile landscapes that is teeming with industry and technological disruptions. And, adding to the pre-existing list is Neobanking. Currently, there are 246 neo banks in the world, and the market projections suggest an annual average growth rate (CAGR) of 47.7 percent until 2028, amounting to 722.6 billion U.S. dollars.


What is Ransomware-as-a-Service (RaaS)?

News of ransomware attacks disrupting supply chains has increased recently. As threat actors disrupt businesses and critical infrastructure, they may appear to be working harder. However, cybercriminals treat ransomware as a business, enabling an underground industry. Ransomware-as-a-Service (RaaS) is a growing underground industry that continues to place sensitive information at risk.


How SECUDE's HALOCORE complements Microsoft 365 E5 Compliance for securing sensitive SAP data

The new normal of working remotely calls for solutions that are seamless, flexible, and secure. Most enterprises believe that they are well-equipped to address evolving cybersecurity threats. However, when employees connect through a myriad of devices, the security of those connections is often highly questionable, either because the devices themselves are not secured or because they lack critical security updates. With cyberattacks becoming highly sophisticated, a host of security challenges awaits the enterprise.

ConveneAGM - Redefining the Future of Virtual AGMs

ConveneAGM is the national leading virtual AGM system for listed companies, institutions, and membership associations to hold their annual general meetings and any other company-wide meetings. Our solution empowers companies to hold engaging virtual or hybrid AGMs for their shareholders that are compliant with legislative guidelines. If you're interested, you may email us at and we'd gladly assist with any inquiries.

The meaning behind XDR: A beginner's guide to extended detection and response

In the world of threat detection and response, alert fatigue and tool sprawl are real problems. Security professionals are struggling to manage different tools and control points and still relying on manual processes, which results in security that is fragmented and reactive. Analysts need better visibility and control, more context, and better use of automation so they can cut through the noise and respond to threats faster and more effectively.


Do We Still Need a Bastion?

There is a growing discussion among network engineers, DevOps teams, and security professionals about the security benefits of bastions. Many assume that they are the “old way” of network access and have little relevance in the modern cloud native stack. These views are not baseless: in recent years the corporate network perimeter as we knew it has been dissolving, and the perimeter concept has shifted to data, identity, and compute.


Lookout is Collaborating With the U.S. Government on a New Vision for Zero Trust

In early 2020, almost every government agency embraced telework in response to the pandemic. With telework, employees operate outside the security perimeter that was put in place to protect them and the agency’s data. As a result, telework has had significant cybersecurity ramifications. Lookout has a long history of collaborating with the public sector to secure agency employees.


BazarLoader: Using LoLBins through Office Documents to Deliver Payloads

Malicious Microsoft Office documents are a popular vehicle for malware distribution. Many malware families such as Emotet, IcedID, and Dridex abuse Office documents as their primary distribution mechanism. Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve.


Why-and How-Managed Service Providers Need to Evolve

As a managed service provider, you can never sit still. Change is constant, whether it’s the technology, business needs, or clients’ expectations. And while MSPs are accustomed to the churn, this time it’s different. Businesses are digitizing their assets and moving to the cloud, governments continue to layer on more data regulations, security threats are on the rise, and the pandemic has turned traditional office culture on its head.


CIS Control 5: Account Management

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment and this includes service accounts.


2021 SecureAge COVID & cybersecurity study

In 2021 SecureAge surveyed 1,000 US-based respondents (400+ employers; 600+ employees), 600 UK-based respondents (200+ employers; 400+ employees), and 300 Japan-based respondents (100+ employers; 200+ employees) to find out more about cybersecurity concerns during the pandemic and what has been done to prepare for the future. The study, conducted between July and August 2021, revealed new cybersecurity trends as well as how businesses have and have not adapted.


Credential leaks are growing on the dark web

Credential leakage on the dark web is constantly growing, which reveals a painful reality: a significant proportion of organizations still don’t protect employee data properly. A report published by Arctic Wolf highlights that the number of corporate passwords that have been leaked to the dark web has shot up by 429% since last March. Thus, on average and for each organization, up to 17 credentials (including username and password) are available on the dark web.


Through edtech, society's cybersecurity ability is heading up a notch

Edtech is helping to provide children and adults all over the world with new and updated skills and knowledge. One important area it’s helping with is cybersecurity. A recent report by Forbes gave the opinion that edtech would provide the perfect backdrop for cybersecurity learning, and it's easy to see why.


Integrating static analysis tools with build servers for continuous assurance

Learn how to set up continuous assurance with Code Dx to improve code quality and security at the speed of DevOps. Continuous integration (CI) has made a tremendous impact on how we develop software. The concept is simple: fail fast and fail often. This allows the team to fix problems before they become a big deal, saving time and money.


Yes, We Really Are This Confident in NewEdge Performance. Here's Why.

Over the last year, we’ve made tremendous progress expanding NewEdge to provide Netskope customers with the global coverage they demand. We have real, full-compute data centers in nearly 50 regions today and plans to go live with our Lima, Peru data center in early October (which will be our fifth in Latin America).


What are bots costing the financial services industry?

Netacea recently conducted a wide-ranging survey to uncover how much bots are really costing businesses. We compiled responses from 440 enterprise businesses spread across the US and UK, and have summed up our findings in an exclusive report, as well as an upcoming live webinar. Of all the sectors we surveyed, financial services was the industry most affected by API attacks, with 97% of businesses stating an API had been attacked by bots in 2020.


MPT's Value at Veracode

You finally have some budget to buy tools for your application security (AppSec) program! GREAT! Purchasing the correct tools for your AppSec program can be overwhelming. Even when looking only at point solutions, there may still be some confusion about the value that various tools provide. Sometimes you'll find the perfect tool, but others may offer you a similar tool with added manual penetration testing (MPT) as part of the overall bundle. That seems like a great idea for the budget.

Forward Networks

How to Safely Integrate Networks During Mergers and Acquisitions

I recently published a piece in Dark Reading covering the network security challenges of M&A activity. As we ease the restrictions put in place to combat COVID-19, we’re expecting to see business activity, including M&A, pick up speed. It’s important that the implications of integrating networks are fully understood to ensure that the expected business benefits are achieved as soon as possible.


Snyk Code CLI support now in public beta

Snyk is on a mission to make Static Application Security Testing (SAST) tools work for developers throughout the DevOps pipeline. Snyk Code scans in real time with high accuracy, and it does so right from the tools and workflows developers are already using. For example, the IDE plugins for IntelliJ, PyCharm, WebStorm, and Visual Studio Code make it easy to code, scan and fix even before code reaches version control.


How to Map HIPAA to ISO 27001

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law meant to protect sensitive electronic protected health information (ePHI). Every healthcare organization (“covered entity”) must comply with its two fundamental rules. In 2013, the U.S. Department of Health and Human Services (HHS) passed the HIPAA Omnibus Final Rule, which expanded compliance requirements to the business associates that also handle ePHI on behalf of covered entities.

RDP Forensics without endpoint visibility

With increases in remote work, VPN and RDP services are prime targets for gaining unauthorized access to organizations. RDP services secured only by passwords are subject to brute-force guessing and credential stuffing attacks, not to mention remote exploitation. Adversaries are using RDP to gain initial access to organizations and then pivoting to distribute and spread ransomware. In this technical training, we will take a deep dive into threats to RDP services and adversary TTPs involving RDP, and explore how artifacts from encrypted RDP sessions are leveraged to build detections.

Using Zeek to track communication state

One of Zeek's greatest strengths is its ability to deeply inspect packet streams that are fed into it. It is adept not only at identifying network protocols but also parsing them to extract large amounts of useful information. There is another strength that is often overlooked: Zeek not only extracts information from individual packets of network sessions, it also provides a very flexible and useful way to track state across the lifetime of network sessions.


Detecting CVE-2021-38647 - OMIGOD

Researchers at recently found a series of vulnerabilities in Microsoft's Open Management Infrastructure (OMI) agent, which is widely installed on Azure Linux virtual machines. We have open-sourced a Zeek package for the most severe of these vulnerabilities, which we’ll discuss later in this blog. One of the four vulnerabilities found, CVE-2021-38647, is a trivially exploitable unauthenticated remote code execution (RCE).
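The published analysis of CVE-2021-38647 is that an OMI request with the Authorization header removed is processed with root privileges, so the thing to look for on the wire is a WS-Man POST that invokes the SCX provider's ExecuteShellCommand or ExecuteScript method and carries no Authorization header at all. The snippet below is an added example, not the Zeek package the article describes: it parses a raw HTTP request, checks the destination port against the OMI listener ports (5985, 5986 and 1270 here, an assumption you should match to your environment) and grades the request. It only works on plaintext, so it applies to OMI's HTTP listener or to traffic after TLS termination. The SOAP bodies and the request samples are constructed; the namespace URIs are illustrative.

```python
"""Grade WS-Man requests for the OMIGOD (CVE-2021-38647) pattern. Added example."""
import re

OMI_PORTS = {5985, 5986, 1270}  # assumed OMI listener ports; adjust for your deployment
# SCX provider methods that execute commands on the host
EXEC_METHODS = re.compile(rb"ExecuteShellCommand|ExecuteScript", re.I)
# The <command> input parameter, with or without a namespace prefix (assumed element name)
COMMAND_PARAM = re.compile(rb"<(?:\w+:)?command>(.*?)</(?:\w+:)?command>", re.I | re.S)


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (method, path, {lower-case header: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body


def omigod_indicators(raw, dst_port):
    """Return [(severity, reason)] for one request; empty list means nothing of note."""
    if dst_port not in OMI_PORTS:
        return []
    method, _path, headers, body = parse_http_request(raw)
    if method != b"POST":
        return []
    reasons = []
    unauth = b"authorization" not in headers
    if unauth:
        reasons.append(("low", "POST to OMI listener without Authorization header"))
    if unauth and EXEC_METHODS.search(body):
        m = COMMAND_PARAM.search(body)
        detail = m.group(1).decode(errors="replace") if m else "<not parsed>"
        reasons.append(("high", f"unauthenticated ExecuteShellCommand/ExecuteScript, command={detail!r}"))
    return reasons


def highest_severity(raw, dst_port):
    sev = [s for s, _ in omigod_indicators(raw, dst_port)]
    return "high" if "high" in sev else ("low" if "low" in sev else None)


# Constructed samples
SOAP_HEAD = (b'<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
             b'xmlns:p="http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">'
             b'<s:Body>')
SOAP_TAIL = b'</s:Body></s:Envelope>'
EXEC_BODY = SOAP_HEAD + (b'<p:ExecuteShellCommand_INPUT><p:command>id</p:command>'
                         b'<p:timeout>0</p:timeout></p:ExecuteShellCommand_INPUT>') + SOAP_TAIL
ENUM_BODY = SOAP_HEAD + b'<n:Enumerate xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration"/>' + SOAP_TAIL


def http_post(extra_headers, body):
    lines = [b"POST /wsman HTTP/1.1", b"Host: 10.0.0.5:5986",
             b"Content-Type: application/soap+xml;charset=UTF-8"] + extra_headers
    return b"\r\n".join(lines) + b"\r\n\r\n" + body


ATTACK = http_post([], EXEC_BODY)                                            # no Authorization
AUTHENTICATED = http_post([b"Authorization: Basic b21pOnNlY3JldA=="], EXEC_BODY)  # "omi:secret"
ENUMERATE = http_post([], ENUM_BODY)                                         # unauthenticated, no exec

if __name__ == "__main__":
    for name, req in (("attack", ATTACK), ("authenticated", AUTHENTICATED), ("enumerate", ENUMERATE)):
        print(name, omigod_indicators(req, 5986))
```

The "low" grade on its own is noise on a healthy host (clients do occasionally send unauthenticated probes), which is why the combination with an execution method is what gets the "high" grade; the same split is worth keeping if you port the logic to a Zeek or Suricata rule.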


5 Tips to Provide Your Customers with The Advanced Endpoint Security They Really Need

Advanced cybersecurity is now the baseline of complex IT environments that include computers, servers, laptops, and other devices that may be used within the corporate network but also outside the office. It is also critical to face the growing threat landscape of advanced, silent, and targeted attacks. But how can you make sure you meet each of your customers’ specific requirements and deliver a cutting-edge IT approach in a way that is sustainable for your business?

Office 365 Administrator's Guide

If you are just getting started with Office 365 or you want to master its administration, this guide is for you. The beginning features very easy tasks, including provisioning and de-provisioning of Office 365 user accounts. Then it offers guidelines on managing licenses and explains how to administer different applications using both the Office 365 admin console and PowerShell. Last, this Office 365 tutorial (.pdf) provides more advanced guidance, helping you set up a hybrid environment, secure your cloud-based email application with encryption and spam filtering, and more. After reading this guide, you'll also know how to troubleshoot Office 365 issues, ensuring a seamless experience for your business users.

Top 3 Cyberattacks in 2021

A recent study reveals that cybercrime costs the world economy more than $1 trillion a year - a 50% increase since 2018. Damage to companies also includes downtime, ruined reputation, and reduced efficiency. To help you mitigate the information security risk, we have put together this short ebook to inform you about the top 3 cyber attacks in 2021, how they work, how to detect and efficiently prevent them.

8 Ways to Secure the Internet of Medical Things (IoMT)

Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies.


Use Kubescape to check if your Kubernetes clusters are exposed to the latest K8s Symlink vulnerability (CVE-2021-25741)

A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subPath volume mounts to access files and directories outside of the volume, including on the host filesystem. The issue affects the kubelet component of Kubernetes (kubelet is the primary "node agent" that runs on each node; it registers the node with the API server and launches Pods on it).
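This entry and the earlier "How to mitigate kubelet's CVE-2021-25741" entry describe the same flaw, and in both cases the first question is which workloads actually use subPath. The script below is an added example (not Kubescape and not the mitigation article's code): it reads the JSON that `kubectl get pods --all-namespaces -o json` produces and lists every init, regular and ephemeral container mount that sets subPath or subPathExpr (the latter expands to a subPath, so it is flagged too). The embedded pod list is constructed. Upgrading kubelet to a fixed release is the real fix; this only tells you what to restrict or review until then.

```python
"""List subPath / subPathExpr volume mounts in a kubectl JSON pod list. Added example."""
import json
import sys

CONTAINER_KEYS = ("initContainers", "containers", "ephemeralContainers")


def load_pod_list(text):
    """Parse `kubectl get pods -o json` output (a List with .items)."""
    return json.loads(text)


def find_subpath_mounts(pod_list):
    """Return (namespace, pod, container, volume, subPath or subPathExpr) per affected mount."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns, name = meta.get("namespace", ""), meta.get("name", "")
        spec = pod.get("spec", {})
        for key in CONTAINER_KEYS:
            for ctr in spec.get(key, []) or []:
                for vm in ctr.get("volumeMounts", []) or []:
                    # subPathExpr is expanded into a subPath by kubelet, so treat both alike
                    sub = vm.get("subPath") or vm.get("subPathExpr")
                    if sub:
                        findings.append((ns, name, ctr.get("name", ""), vm.get("name", ""), sub))
    return findings


# Constructed sample: one pod with two subPath-style mounts, one without any
SAMPLE_POD_LIST = json.dumps({
    "kind": "List",
    "items": [
        {
            "metadata": {"namespace": "default", "name": "web-0"},
            "spec": {
                "initContainers": [
                    {"name": "init", "volumeMounts": [{"name": "data", "mountPath": "/init"}]}
                ],
                "containers": [
                    {"name": "app", "volumeMounts": [
                        {"name": "data", "mountPath": "/srv", "subPath": "site"},
                        {"name": "cfg", "mountPath": "/etc/app"}]},
                    {"name": "sidecar", "volumeMounts": [
                        {"name": "data", "mountPath": "/logs", "subPathExpr": "$(POD_NAME)"}]},
                ],
            },
        },
        {
            "metadata": {"namespace": "kube-system", "name": "dns-1"},
            "spec": {"containers": [{"name": "dns"}]},
        },
    ],
})


def main(argv):
    # usage: python3 subpath_audit.py pods.json   (omit the file to run on the sample)
    raw = open(argv[1]).read() if len(argv) > 1 else SAMPLE_POD_LIST
    for ns, pod, ctr, vol, sub in find_subpath_mounts(load_pod_list(raw)):
        print(f"{ns}/{pod} container={ctr} volume={vol} subPath={sub}")


if __name__ == "__main__":
    main(sys.argv)
```

If you cannot upgrade immediately, the same check belongs in an admission policy so that new pods with subPath mounts are rejected rather than merely reported.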


How to cyber security: Butter knives and light sabers

Building an effective application security program for your organization begins with establishing policies and processes. Psychologist Abraham Maslow wrote, in 1964, “Give a small boy a hammer, and he will find that everything he encounters needs pounding.” This is commonly rephrased as “if you have a hammer, everything looks like a nail.”


Why Is Traditional SIEM Not Enough Anymore?

Cybersecurity has been gaining more and more importance due to the increasing number of cyber attacks and hackers threatening organizations of every size. In order to enable your business operations to continue and your organization to be safe and secure, you should benefit from real-time security monitoring, threat detection, investigation and automated responses. Once implemented, a SIEM solution becomes a vital component of an enterprise security strategy.


4 Barriers to DevSecOps Adoption

DevSecOps is a process that aims to build security in at the outset of software development. It ensures security audits and testing throughout the agile development process so that security is a priority – not an afterthought. A new survey of more than 1,000 security leaders conducted by Ponemon Research and security firm Reliaquest finds almost half (49%) of security leaders are enabling DevSecOps best practices in their organizations. That’s a promising number.


INETCO Launches Game-changing Payment Fraud Solution

Vancouver, Canada – September 14th, 2021 – INETCO Systems Limited, a leader in real-time payment fraud prevention, is pleased to announce the launch of INETCO BullzAI, which combines a web application firewall with a real-time payment fraud detection and blocking system in one elegant solution.


How to Report a Data Breach per GDPR

The General Data Protection Regulation (GDPR) is a broad set of data privacy rules that define how an organization must handle and protect the personal data of individuals in the European Union (EU). The Regulation also sets out how organizations must report a data breach: Articles 33 and 34 contain the notification requirements (to the supervisory authority and to affected data subjects respectively), yet many businesses are still unaware of their responsibilities.


Cybersecurity Maturity Model Certification (CMMC) - A Model for Everyone

Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have disrupted entire supply chains.

Research Report: Application Security, Executive Orders and Compliance

In May 2021, the White House issued an Executive Order (EO) focusing on improving the United States' cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center. Beyond this EO, various regulatory and industry guidelines and mandates either imply or point directly to building stronger AppSec programs to protect private consumer information.

Everything You Need to Know about Cyber Crisis Tabletop Exercises

Cybersecurity has become a critical concern in every business sector due to organizations’ growing dependency on technology. Research by Immersive Labs reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID-19 hit the world. So, for most organizations, the question isn’t who will be the target of a cyber attack.


The Digital Pandemic - Ransomware

In 2021, there are two words that can send a cold chill down the spine of any cybersecurity professional and business leader: phishing and ransomware. Research carried out by the data analytics and training company CybSafe identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to figures obtained from the Information Commissioner's Office, they are up by 11% compared to 2020.


How to manage and secure service accounts: Best practices

Service accounts can be local or domain user accounts, and some are granted domain administrative privileges. They exist to run applications and automated services rather than to be used interactively, and a single service account can easily be referenced by many applications or processes. The sensitivity of what they run and the breadth of their use make them challenging to manage.


LDAP vs Active Directory: What's the Difference

The main difference between LDAP and Active Directory is that LDAP is a protocol for querying and modifying directory data, while Active Directory is Microsoft's directory service, which speaks LDAP (alongside Kerberos and other protocols) and ships as part of Windows Server together with services such as DNS and DHCP. Understanding LDAP is an essential part of getting to know your Active Directory better and preventing data breaches and unauthorised access.
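Whichever server answers, the LDAP query itself is where applications most often go wrong: a search filter assembled from raw user input is injectable, and a wildcard or an injected `)(` can turn a login lookup into "match every user". The functions below are an added example, not from the article; they implement the value escaping from RFC 4515 (filters) and RFC 4514 (distinguished names) and show the unsafe and safe way to build a user lookup. The attribute names are the Active Directory ones (`sAMAccountName`, `objectClass=user`) as an assumption.

```python
"""Safe LDAP filter and DN construction (RFC 4515 / RFC 4514). Added example."""

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value
FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a string for use as an assertion value inside an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4):
    special characters get a backslash; '#' only at the start; spaces only at the ends."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def unsafe_user_filter(username):
    """The injectable way: user input pasted straight into the filter (do not use)."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def safe_user_filter(username):
    """Same lookup with the value escaped, so metacharacters match literally."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def user_dn(cn, base_dn="OU=Staff,DC=example,DC=com"):
    """Build a DN for a user whose common name may contain commas or other specials."""
    return f"CN={escape_dn_value(cn)},{base_dn}"


if __name__ == "__main__":
    # Constructed inputs: a wildcard and a filter-breaking payload
    for attempt in ("*", "admin)(|(objectClass=*"):
        print("unsafe:", unsafe_user_filter(attempt))
        print("safe:  ", safe_user_filter(attempt))
    print(user_dn("Smith, John"))
```

Both python-ldap (`ldap.filter.escape_filter_chars`) and ldap3 (`ldap3.utils.conv.escape_filter_chars`) ship an equivalent of `escape_filter_value`; the point of writing it out is to see that the fix is escaping the value, not rejecting characters, and that DN escaping follows different rules from filter escaping.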


Cyber Hygiene: Importance, Benefits and Best Practices

The internet and all of its conveniences have had a significant impact on how we do business. Our reliance on technology has never been greater, which means cyber hygiene is more important than ever before. In this blog post, we will talk about cyber hygiene, its benefits and why it’s so essential for businesses to practice it.


Cyber Security Incident Response Plan - How to Create One?

Cyberattacks are among the most common threats that modern businesses face today. Despite the growing threat landscape, many small and medium companies that experience data breaches and threats do not have adequate preparations. This includes prevention measures before an attack and incident response plans for during and after an attack.


How brute-force attacks are spearheading ransomware campaigns

Ransomware groups have been exploiting the switch to remote work unlike any other. Ransomware attacks increased by more than 485% in 2020 [1]. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 seconds [2]. Multiple reports by threat hunting firms confirm that the primary attack vector they are using to infiltrate corporate networks is poorly guarded Remote Desktop Protocol (RDP) connections.


Weekly Cyber Security News 17/09/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Cryptocurrencies are never far from the news, and with El Salvador making it an official currency many are jumping at the slightest news of an uptick in respectability. That thirst has not gone unnoticed and a fantastic coup played out in the last week.


Designing Your Hybrid Workplace: Things to Consider

In today’s definition, a workplace is no longer a place. Most people realized they could work literally anywhere — office, coffee shop, home. Organizations and companies worldwide have turned to remote working for some time now. With the onset and offset of multiple lockdowns in many countries, there is a need to implement a hybrid workplace to adapt to the demanding conditions of today’s work setup.

New Trends With Ransomware - Fall 2021

Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this can come down to recognizing the role that users and employees play in fighting off these attacks and providing them with info and tools they need to help reduce risks.

Five takeaways from my first year at Styra, the founders of Open Policy Agent

It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source! I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.


Hunting for Malicious PowerShell using Script Block Logging

The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.


How Devo Helps Our Customers Solve Pressing Cybersecurity Challenges

For the past 10-plus years, cybersecurity solutions have been innovating rapidly to thwart new threats. But as they solved security challenges, new ones constantly emerged — especially as organizations continue to expedite their digital transformation efforts and shift to the cloud.

The Tokenised Auth

Authentication can sound simple. It's just a login form and a couple of database columns, right? Why would you need a separate identity platform to solve this? You've probably heard that you shouldn't roll your own crypto, or payments. Well, add authentication to that list. Ben Dechrai joins us to discuss the aspects of good authentication, from tokenisation to multi-factor, and dives into a few features of Auth0 that help you customise, extend, and personalise your users' experience.

Conducting Penetration Testing for Your Corporate Security

Understanding your organization’s cybersecurity posture is becoming more important every day. So how do you know how secure your IT infrastructure really is? One way to get a glimpse into your organization’s security is penetration testing: pretending (or hiring someone to pretend) to be a hacker, attempting to infiltrate your organization’s physical and cyber systems however possible.


NIST's New Draft for Ransomware Risk Management

Cyberattacks against businesses of all sizes are at all-time highs. Data from 2021 and projections for the future of cybersecurity suggest that the frequency and intensity of these attacks will only continue to grow. At the forefront of most cyberattacks in 2020 was ransomware, a type of malware attack in which attackers encrypt your organization’s data and demand payment in exchange for a decryption key to restore access.


How to protect yourself from APTs to avoid incidents like the Microsoft Exchange case

APTs (Advanced Persistent Threats) have more serious consequences than conventional cyberattacks. The explanation for this lies in the fact that, on the one hand, the perpetrators spend much more time and effort (often backed by government organizations), and on the other, the victims are also more high profile.


Opportunistic Attackers: Who Are They and How Can You Deter Them?

When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.

Data Exfiltration in Ransomware Attacks: Digital Forensics Primer for Lawyers

Nearly 80 per cent of all ransomware attacks in the first half of 2021 involved the threat of leaking exfiltrated data. Exfiltration is a popular pressure tactic as it introduces the threat to publish stolen sensitive data to a threat actor extortion website if a ransom payment is not received. Our team currently tracks over 40 threat actor extortion websites, with new sites belonging to new ransomware groups emerging each week.


Partnerships - The Key to Navigating the Industrial Security Landscape

The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic.

Axis Security

Confluenza and the Network Attack Surface, Part 2

In Part I, we put on the shoes of a novice hacker and easily exploited a Confluence Server on the public internet, resulting in full network access. We also realized the problem is not specific to a software vendor but rather the common practice of placing servers on the public internet. Make sure to read Confluenza: What is CVE-2021-26084 and why should you care by Gil Azrielant (CTO, Axis Security) for more technical details around this exploit.


ForgeRock Is Now a Public Company

ForgeRock launched in 2010 to help build a future where people could simply and safely access the connected world. At the heart of the company is the belief that better access to what you want to achieve online can transform business and change lives. Today, our team is taking an important step together that will further our mission. We are now a public company, trading on the New York Stock Exchange under the symbol FORG.


ASOC series part 3: How to improve AppSec accountability with application security orchestration and correlation

Accountability is essential for AppSec analysts, managers, and CISOs. Learn how ASOC tools bring the visibility and transparency required. We have already discussed how application security orchestration and correlation (ASOC) makes the AppSec process more efficient and scalable. In this final post in our ASOC series, we will demonstrate how ASOC tools bring accountability to both the technical and business sides of application security.


What is a Network Vulnerability Assessment?

A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results.


What is an Audit Universe?

An audit universe is a document that details all the audit activities to be carried out by the internal audit function. It consists of multiple and distinct auditable entities, processes, and activities, which can be considered “auditable units.” The number of these auditable units varies depending on the organization’s size, business complexity, and operational scale. In some cases they can run into the hundreds or even thousands.

Demo - Remote Browser Isolation

Safely isolate risky and uncategorized websites. Remote browser isolation (RBI) uses pixel rendering to deliver seamless and safe viewing of risky websites and ensures no website code executes on end-user devices. RBI isolates uncategorized and risky websites as an option for Netskope secure web gateway (SWG) solutions. Known safe sites are allowed, known bad sites are blocked, and risky websites are isolated for safe viewing all within one cloud platform, one console, and one policy engine.

Minnesota Judicial Courts See $1M ROI with Splunk

Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.


Anatomy of a Cloud Infrastructure Attack via a Pull Request

In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.


To Detect or Not to Detect, Is that the Question?

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges.


Kubernetes network segmentation using native controls

Network segmentation is almost as old as computer networking. The evolution of network segmentation went through switches to routers and firewalls, and as modern networks evolved, the ability to better control traffic by operating system native functionality evolved as well. Native controls like IP Tables became lingua franca, alongside access control lists, process isolations, and more. Native controls are not a new concept.

5 Stats On The Costs Of Data Loss EVERY Business Owner Needs To Know

A major data loss event is one of the most detrimental things that can happen to a business. Not only is it costly, but the side effects of such an incident are felt long after the loss occurs. Some businesses never recover, and the ones that do are left dealing with the consequences for years.

What Is SIEM?

Technology companies love abbreviations and acronyms. Starting with what’s probably the original tech company, International Business Machines (better known as IBM), initials, abbreviations and acronyms continue to dominate the personal computer (PC), telecommunications (telco), security operations (SecOps), and many other tech industries.


Supply Chain Security Update: How Secure is Composer?

When it comes to PHP, Composer is without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: Packagist servers.


What is Regulatory Compliance?

Regulations have long existed to govern how organizations collect and use information online, as well as what cybersecurity precautions organizations should take while conducting business online. As digital transformation of business processes has accelerated in the last few years, however, ever more organizations — large and small — must comply with all those regulations.


What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996 to prevent medical fraud and to assure the security of protected health information (PHI), such as names, Social Security numbers, medical records, financial information, electronic health transactions and code sets. The law is managed by the U.S. Department of Health & Human Services (HHS).


Beyond the Binary: A Third Contender in the Full Tunnel vs. Split Tunnel VPN Debate

Co-authored by James Robinson and Jeff Kessler. As rapidly as wide-area networking (WAN) and remote access strategies with associated technologies are changing, we’re always surprised by the amount of time some security professionals and auditors dedicate to the either/or debate between split tunnel and full tunnel connectivity.


What is the California Privacy Rights Act (CPRA) 2020 and how does it compare to the CCPA?

The California Privacy Rights Act (CPRA) is an extension of the 2018 California Consumer Privacy Act (CCPA). The goal of both laws is to enhance the privacy rights of California residents with regards to the personal information that companies collect about them, giving them the right to see, delete and limit the sale of that data. The CPRA will be fully implemented in mid-2023. In this article, we will take a close look at the provisions of CPRA and how it amends the CCPA.


2021 Gartner Market Guide for Cloud Workload Protection Platforms (CWPP)

Based on our understanding of the Gartner report, security and risk management leaders should develop a strategy for addressing the unique and dynamic requirements for protecting hybrid cloud workloads. Gartner's recommendations for cloud workload security include: Sysdig is listed by Gartner® as a Representative Vendor for Cloud Workload Protection Platforms. Gartner also notes Sysdig in the list of companies building or acquiring CSPM capabilities.

What is Security Compliance Management?

Security compliance management is the process of monitoring and assessing systems, devices, and networks to ensure they comply with regulatory requirements, as well as industry and local cybersecurity standards. Staying on top of compliance isn’t always easy, especially for highly regulated industries and sectors. Regulations and standards change often, as do threats and vulnerabilities. Organizations often have to respond quickly to remain in compliance.


Zero Trust by Executive Order | Best Practices For Zero Trust Security You Can Takeaway From Biden's Executive Order

Cyber attacks, like the pandemic that has spurred the rise in incidents, have been relentless. Over the past eight months, there has been a significant escalation as the sophistication of these attacks has risen. Hackers are going after key vendors, allowing them to target wide swaths of valuable victims like we have seen in the attacks on SolarWinds, Microsoft Exchange, Colonial Pipeline, and more recently, MSP software provider Kaseya.


What Hybrid Workplace Setup is the Right One for You?

As we continuously make our way towards a post-pandemic world, adapting to the new normal is necessary. Speaking of new normal, one big trend we are seeing in the workplace is going hybrid. In fact, some organizations consider going hybrid as the future of work. Going hybrid means establishing a work setup that involves both working in the office and elsewhere, usually at home.


How to Build Your Employee Monitoring Posture to Combat Ransomware


Axis Security

Confluenza and the Network Attack Surface, Part 1

It feels like there’s a new story every week about a vulnerability that affects thousands of enterprises. This is great job security for everyone working in InfoSec, as well as anyone on the “other” side! Before we get to the fun stuff, I want to reiterate how vulnerabilities like this can happen to any vendor. We are here to learn from these situations and share insights on how these types of situations can be mitigated.


The Intersection of AppSec and Compliance

In May 2021, the White House issued an Executive Order (EO) focused on improving the United States’ cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center.


Introducing the new Snyk Docs Portal and Support Portal

We’re excited to announce two big updates to our Snyk User Content platform. You can now get better, quicker, clearer access to Snyk user documentation, allowing you to find the information you need, to get more and better use of your Snyk platform. This will help you implement, enable, and configure your Snyk integration, leading to a faster and smoother adoption and usage of Snyk at your company. Here are the enhancements to our User Content platform.

Access Control Podcast: Episode 9 - SRE-Powered Dev Productivity

In this ninth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Mario Loria. Mario is a Senior SRE at Carta who has been leading their move to Kubernetes and other cloud native technologies. Carta helps companies and investors manage their cap tables, valuations, investments, and equity plans. As users of Carta, we hope their security is top notch. Today we’ll be chatting about orchestrating Kubernetes, training teams on cloud native, and optimizing for the developer experience!

DevSecOps Road Trip Netherlands stop - Nanne Baars & Brian Vermeer

Session 1: From attack to writing code...what do you need to know as a developer? We will look at a concrete attack called: "XML external entity attack (XXE)" and see how we can trace it back to writing code. The described mitigations are simple: configure your parser securely, but is it this simple? We will focus on some examples and see if we can catch the attack with tests, code reviews, etc.
Nanne Baars, Developer at Xebia and OWASP WebGoat Project lead

Demo - Introduction to Netskope SaaS Security Posture Management (SSPM)

Continuously enforce correct cloud configurations for SaaS applications. SaaS Security Posture Management (SSPM) ensures common SaaS applications like O365, Zoom, GitHub, or Salesforce are correctly configured, prevents drift, and simplifies compliance management. Built-in guided remediation helps ensure misconfigurations are swiftly fixed before they can be exploited. Netskope SSPM complements CASB for unmatched SaaS security.

Carson Zimmerman Versus Anton Chuvakin: A Live SOC Debate!

Bloggers and social media pundits are full of grandiose proclamations and claims about security operations. SIEM is dead. The only way to run a SOC is to outsource. Everything is encrypted, so don’t bother with network monitoring. Data collection only requires one schema. Automation will eliminate the need for all humans in the SOC. The list goes on.

Don't Let Account Takeovers (ATO) Take Over Your Business

A long time ago (in the early 2000s), I was playing games online. One of my accounts was compromised – the password was changed, and multiple “high-priced” items I had earned were “traded” without my knowledge, to the account of another player. One could easily blame my simple password at that time when there were no rules around password strength. Regardless of the reason, what happened was one of the earliest versions of an account takeover (ATO) attack.


CIS Control 4: Secure Configuration of Enterprise Assets and Software

Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any baselines to become better aligned with policies your organization is trying to adhere to.


5 reasons why security automation won't replace skilled security professionals

The cybersecurity landscape is constantly evolving, even more so in the past decade, with technological revolutions changing the core of the cybersecurity industry. With new emerging technologies, machine learning, security automation, and AI are slowly but surely becoming a reality in the cybersecurity world. But as the cybersecurity landscape continues to change and redefines the roles of security workers, this logically begs the question: what does this mean for security professionals?


Back to Basics: Making a Start with GRC

Companies list governance, risk, and compliance (GRC) as a top priority, but “doing GRC” isn’t easy. It takes time, effort and a strategy – and starting is usually the hardest part. So, in the first of our Back to Basics blogs, we’re going to focus on where every compliance and risk practitioner should start when building a GRC program: selecting the compliance frameworks which will form the foundation of your GRC program…


What is 5G security? Explaining the security benefits and vulnerabilities of 5G architecture

5G is already transforming and enhancing mobile connectivity. With its high speeds and low latency, almost all businesses and industries are now in the position to digitize applications and services they couldn’t dream of not long ago. With 5G networks, billions of devices and IoT (the internet of things) are interconnectible — leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. The potential is practically unlimited.


A guide to OWASP's secure coding

Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.


SECUDE Extends Data-centric Security Across PLM and Multi-CAD Integrations

LUCERNE, SEPTEMBER 2021: SECUDE, a leading Digital Rights Management (DRM) solutions provider based on Microsoft Azure Information Protection (AIP), today announced that its flagship product HALOCAD® extends data-centric security across PLM and Multi-CAD integrations.


Paths into coding: Netacea's National Coding Week Q&A

The theme of this year’s National Coding Week (from 13th September) is “digital skills stories”, where people share their career stories to help inspire others to get into coding. Whether you are a student interested in a future career in coding, someone already in the industry looking for a new challenge, or even if you don’t know how to code but want to learn, there is plenty of inspiration to be found.


SANS Report Reveals Significant Growth in Automation: Maximize Your Investments

The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.


Styra DAS: Building for the Open Policy Agent community

It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.


A new approach to AppSec

Are you putting your organization at risk with outdated security strategies? Embrace next-gen AppSec to reduce security risks without impeding DevOps. Application development practices continue to evolve, enabling development teams to deliver applications at a pace never before thought possible. At the same time, cyber-criminals have developed new levels of attack strategies and intensified their focus, making it more important than ever to scrutinize applications for security vulnerabilities.


A (soft) introduction to Python dependency management

Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.

Siemplify: The Only Cloud Native SOAR Platform for Anywhere Security Operations

It’s time to think location-independent and people-centric. It’s time to build sustainable resilience and flexibility. It’s time to have an “anywhere operations” approach. The Siemplify Security Operations Platform, the industry's only cloud-native SOAR, sets you up with the building blocks you need to think beyond the traditional SOC and move into an anywhere operations mindset.

Straight Talk Series: Network and Security United

A Secure Access Service Edge (or SASE) solution requires both network and security teams, and their tools to work together harmoniously. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Ask SME Anything: What's the difference between SASE and SSE?

In this episode of Ask SME (Subject Matter Expert) Anything, Netskope’s Tony Kros dives into Gartner's new term Security Service Edge (SSE), what distinguishes SASE from SSE, and why both concepts are so fundamental to building cloud-centric security and networking architectures of the future.

Who Do You Trust? Challenges with OAuth Application Identity

In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, as well as raised some ideas of how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions that underlies assessing your application risk is: How does one identify applications? How do you know which application is which? Who is the owner/developer?


Supervised Active Intelligence - The next level of security automation

Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are more stealthy and more complex than ever. What this means is that the old ways of cybersecurity, relying on time-consuming manual workflows, are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.


Understanding the Benefits of Managed Cyber Services

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: You can read some of the highlights from their conversation below.