December 2021

Why DevSecOps is Going Passwordless

I talk to a lot of engineers every day. SREs. Systems Architects. Security Engineers. What I am hearing from them is that they are moving away from passwords — both in their personal lives, opting for more secure forms of authentication like biometrics and second factors, and at work. It just doesn’t make sense anymore to protect your personal bank with a second factor, but to share around an SSH key to access critical server infrastructure.

Automotive Industry Glance

Subscriptions-based services are a reality we all are getting used to; most people no longer buy physical media for example, opting to use streaming services for movies and music. This has numerous advantages like letting us explore new artists and genres without additional costs and commitment. Yet, while best known for its implementation in the digital world, subscription payment models are slowly but surely being adopted by more and more industries.

Three Little-Known Features in Teleport That I Wish Everyone Knew

As a solution architect at Teleport, I help potential customers get up and running with Teleport, but I am also a power user myself. In my time here, I have picked a few favorite features to help me be more efficient using Teleport, but they aren’t as widely known as they should be. This article hopes to change that and give some love to three little-known features that can enhance your usage of Teleport. I use them every day and hope that after reading this blog, you will too.

Arctic Wolf's 2021 Year in Review

The pride of Arctic Wolf is our Pack. Now more than 1,200 Wolves strong, our team’s dedication, drive, and commitment to ending cyber risk has enabled unprecedented growth and innovation for Arctic Wolf. As we close out 2021 and look to the year ahead, we wanted to take a moment and reflect on a few of the highlights from the past year.

How to Secure Kubernetes, the OS of the Cloud

As infrastructures and workloads transition to cloud and teams adopt a CI/CD development process, there is a new paradigm shift: infrastructure is becoming code. This approach of treating infrastructure as code (IaC) is incredibly powerful, brings us many advantages, and enables transformative concepts like immutability. We define infrastructures in a declarative way and version them using the same source code control tools (in particular git) that we use for our application code.

Using Visibility to Combat Against Ransomware

In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 healthcare facilities hit by ransomware last year in the U.S. alone. As new attacks generate headlines each week, we get real-world use cases for how ransomware proliferates in diverse ways, including social engineering attacks and exploitation of vulnerabilities.

What is Penetration Testing (Pen Testing)?

Penetration testing (also known as pen testing) is the process of checking if your infrastructure and applications are robust enough to protect against cyberattacks. This is done by effectively hacking your own systems in a controlled way to simulate a cybercriminal’s activities. Pen testing allows you to uncover a range of weaknesses that a criminal could exploit, such as poorly configured systems, potential flaws in pen testing software and hardware, and social engineering exploits.

Arctic Wolf Named A 2021 Gartner Peer Insights Strong Performer for Vulnerability Assessment

Arctic Wolf has been recognized as a November 2021 Gartner Peer Insights Strong Performer for Vulnerability Assessment. Gartner categorizes the Vulnerability Assessment market as “vendors that provide capabilities to identify, categorize and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely or in the cloud.”

Improving Edge Computing Security in 2022

More organizations are turning their eyes to edge computing as cloud adoption reaches new heights. Experts predict there will be 55 billion edge devices by 2022 as latency and resilience demands grow and 5G makes these networks possible. While this growth is impressive, it raises several security concerns. Edge computing expands attack surfaces, and data centers lack the resources of traditional cloud infrastructure.

Ransomware 2021 - The Bad, The Bad & The Ugly

Ransomware remains a growing and increasingly problematic threat to organizations across all industries. Posing a significant and increasing threat throughout 2021, ‘Big game hunter’ ransomware campaigns, orchestrated by highly sophisticated organized cybercriminal groups, continue to compromise and extort high-value ransoms from victim organizations across all industries.

What are Open Ports - Learn what open ports are and why they're essential

Open Ports are essential for you to have a safe internet experience. Learn what open ports are and why they're important for you to have a secure connection! Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Understanding Saudi Arabia's new Personal Data Protection Law

The processing of data is a long-standing debate among governments, businesses, and tech giants alike. Major corporations are identifying data privacy violations and sharing how personal data should be handled and shared ethically. Government entities have framed their own laws on data protection and privacy to protect the personal data of their residents.

IT-OT Convergence and Log4j

By now, we’re all likely tired of talking about Log4j and nodding our heads over Zoom when we all discuss the ramifications of exploitation of this small, but very pervasive and powerful vulnerability. At the risk of adding another layer of complexity to the information we have learned about Log4j, I think we are remiss not to mention IT-OT (Information Technology-Operational Technology) convergence and how it could be an enabler for Log4j to impact our critical infrastructure.

CVE-2021-44832: A New Medium Severity Vulnerability Was Found in Log4j

Another — though unlikely — vulnerability was discovered in Log4j’s latest versions: CVE-2021-44832. This is an Arbitrary Code Execution exploit using, yet again, the now infamous JNDI functionality. The vulnerability lets an attacker with control over the Log4j configuration set a malicious datasource for the JDBC (Java DataBase Connectivity API) appender. The datasource refers to an attacker-controlled JNDI URI that will execute arbitrary code on the application using Log4j.

Top 7 Cybersecurity Regulations in the Financial Industry that you Need to Know

Cybersecurity incidents aren’t rare for businesses now. In fact, in the first 6 months of 2021, around 1767 data breach incidents rocked the business world and exposed more than 18 billion records. And one of the hardest-hit industry verticals from threatening cyber-attacks is the financial industry.

OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt

Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others.

Digital signatures must use MFA

Digital signatures are increasingly used in companies and public administrations. However, without adequate cybersecurity measures, this method can be a vector for cybercriminals and fraudsters: through social engineering they can dupe signer victims into believing a document is legitimate and, through their signature, obtain authorization to carry out other operations without their consent, among many other malicious activities. So, how can we avoid this?

CVE-2021-44832: New Vulnerability Found in Apache Log4j

A new vulnerability was discovered in the Apache Log4j library. Tracked as CVE-2021-44832, this bug may allow arbitrary code execution in compromised systems when the attacker has permissions to modify the logging configuration file. CVE-2021-44832 has received a CVSS score of 6.6 out of 10, and it affects all versions of Log4j from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4. This is the fourth Log4j vulnerability addressed by Apache in December 2021.

SSH Keys are Passwords Too

Use of misused or stolen credentials is the number one cause of data breaches. Using Password123 is worthy of a good laugh, but there are other passwords that are used everyday: SSH keys and other tokens used to access critical infrastructure. Teleport recently commissioned a survey of 1000 IT, DevOps and Security professionals and found that passwords are the number one way of managing access to infrastructure.

Will Zero Trust Shape the Future of Cloud Security?

Zero trust is everywhere, and it will change the way we undertake security. Just as zero trust concepts are shaping the data center and our networks, they will shape cloud environments, as well. Many of the challenges of cloud security arose because we moved workloads to the cloud with no clear idea of how to secure them. Zero trust provides exactly those ideas.

11 Steps to Secure SQL in 2022

Whether you’re running Microsoft’s SQL Server (soon to run on Linux) or the open source MySQL, you need to lockdown your databases to keep your data private and secure. These 11 steps will guide you through some of the basic principles of database security and how to implement them. Combined with a hardened web server configuration, a secure database server will keep an application from becoming an entry point into your network and keep your data from ending up dumped on the internet.

What are Traffic Bots? Methods to detect and stop Bot traffic!

Bot traffic is a type of traffic that is generated by automated programs, or bots. These bots can be used to generate fake traffic for testing purposes or to engage in malicious activities. Malicious bot traffic is a huge problem for many website owners, and bot detection can be difficult. There are various types of bot traffic that you need to watch out for. In this guide, we will discuss their different types and how to combat them!

Netacea announces new £8.5m investment

Manchester, UK – 22nd December 2021 – Netacea, the bot detection and mitigation specialist, today announces that its parent company Intechnica has completed a new £8.5m funding round with Mercia Asset Management PLC (AIM: MERC). The investment will accelerate Netacea’s growth in the UK and the US. Netacea is a fast-growing cybersecurity business that detects and mitigates against bot attacks that target mobile, web and API applications.

What is Domain Hijacking? Tips to Protect yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.

Low-code Security Risks: 7 Sins and How to Overcome Every Single One

Low-code security vulnerabilities can be deadly - but not for you. Learn how to mitigate all the risks involved by downloading our free whitepaper “7 Deadly Sins of Low-Code Security and How to Avoid Them”. If you’ve followed our last two blog posts, you should already be familiar with the reasons why organizations that are undergoing digital transformation are turning to low-code development.

Axis Client Deployment Options

In this video, we will walk through the different options Axis Security provides to obtain the Axis client. End users will learn where to download the Axis client for self enrollment and the admins will learn where they can download the Axis client to deploy through some type of MDM, or enterprise software deployment tool.

AWS Pentest Beginners Guide - Tools and Techniques

AWS Penetration Testing Guide This video is an informational video about the pentesting service we offer at Security Audit. Here you will learn how our pentesting team can help you with AWS penetration testing and what it entails. Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Snyk Log4Shell Stranger Danger Live Hack (APJ)

Note: As of Dec. 28, 2 PM PST, we recommend upgrading to the latest Log4j version. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code.. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry

CrowdStrike’s goal is to stop breaches — and we do that better than any cybersecurity company in the world. As attackers advance their tactics and techniques, we continually refine our tools and capabilities to stay ahead of them. We recently added a new feature to the CrowdStrike Falcon® sensor: Hardware Enhanced Exploit Detection, which uses hardware capabilities to detect complex attack techniques that are notoriously hard for software alone to detect and prevent.

5 Tips for a Successful Teleport Proof of Value Evaluation

Most car purchases start with a test drive. Increasingly, enterprise software purchases (including security software) are made the same way. These evaluations are often called a Proof of Concept or PoC. This term is a great fit for lots of situations, especially when the solution evolves a novel way of combining established tools or a hard-to-define use case that can only be judged in practice.

Cybersecurity Predictions for 2022

2021 was a busy year for the cybersecurity industry. It began in January, as we were just beginning to understand the impact and massive scope of the SolarWinds attack. Then Kaseya happened. Then the Colonial Pipeline was breached. And now, as 2021 comes to a close, we’re in the early days of the Log4j crisis that will take all of next year—if not longer—to fully unpack, understand and mitigate.

Pet surveillance with Falco - Home Security

If you are here, chances are that your pet is always running around, destroying things in your sweet house. We will show you how to enrich Falco security through a smart plugin that may not stop your pet from bad behavior, but will at least warn you when it does misbehave! Out of the box, Falco is denoted as the cloud-native runtime security project. Recently though, it gained support for plugins, in other words, shared libraries that provide external event sources. What does that mean?

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

As previously predicted to unfold, at approximately 7:35 PM GMT, 28th of December 2021, another security vulnerability impacting the Log4j logging library was published as CVE-2021-44832. This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.

What is ITAR Compliance?

Most organizations, especially those in the defense trade, are finding themselves on the spot when their prime contractors ask them whether they are ITAR Certified and ITAR Compliant. Some contractors even want to know the steps you're taking to meet this regulation. As a chief information security officer, you've probably heard of CPA and GDPR compliance and their role in consumer data. But, how well are you versed with International Traffic in Arms Regulations (ITAR)?

The Top 59 Cybersecurity Conferences in 2022

Looking to 2022, cybersecurity and business leaders are looking forward to digital and in-person conferences. Cybersecurity conferences offer everyone a way to connect, learn, and share. We’ve compiled a comprehensive, chronological list of cybersecurity conferences that you want to attend in 2022.

Protect Your Organization by Cultivating a Culture of Cybersecurity Awareness

The cybersecurity market offers excellent solutions and services to combat the threats that are exploited by cybercriminals. However, are these tools enough to fully protect an organization? It is clear that human error is a strong attack vector for many popular cybercrimes, so the best way to augment any security program is to create a cyber-aware workforce. After all, with the correct training and education, the front-line staff can become one of the most effective allies in preventing an attack.

A Year of Threat Intel: Looking Back at SpiderLabs Research in 2021

2021 will go down in the record book as another critical year in the cybersecurity sector, with high-profile ransomware campaigns and supply chain attacks making national headlines. The elite Trustwave SpiderLabs team was in the trenches for our clients around the world -- providing key insights, threat intelligence, and breakthrough research on a wide array of vulnerabilities and malware. Take a journey through some of the most-read research from Trustwave SpiderLabs in 2021.

Random but Memorable - Episode 8.5: Watchtower Awards 2021 Special

It's the end of another year and what better way to look back at the highs and lows than with the Watchtower Awards! 🏆 Strap yourselves in as we revisit some of the worst data breaches and most memorable tech moments of 2021. Want to know what will come out on top? Tune in to find out! 🏆 Anna also shares yet another terrible security joke, and we wrap up with our final thoughts from a rollercoaster year of podcasting.

LDAP Server Guide - How Does It Work?

Understanding LDAP servers can be confusing, but it doesn't have to be. In this video, I try to explain the basics of how they work and what you should know about them before setting one up for your company. Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Fixing the Log4j Vulnerability with WhiteSource

The announcement of Log4j vulnerability cve-2021-44228 sent security and development teams into a tailspin and highlights the one of biggest challenges of open source security: dependency management. The open source libraries that make up up to 80% of our applications are often a tangled web of dependencies.

Malvertising: The enemy of shoppers everywhere

You’ve seen suspicious ads. Some were obvious — ads that claim your browser is infected with malware and you need to click immediately to remedy the situation — but likely, some weren’t obvious at all. They just looked like regular ads, and might have appeared on a site you trust. You didn’t know it (and hopefully didn’t click) but some of the ads you see regularly are malvertising.

The Essential Guide to Slack Data Loss Prevention (DLP)

DLP ensures confidential or sensitive information (like credit card numbers, PII, and API keys) isn’t shared outside of Slack by scanning for content within messages and files that break predefined policies. DLP is important for both security and compliance reasons. With DLP in place, you’ll be able to.

Cybersecurity: When Stress and Trauma 'Get in the Way'

This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers. Please take care of yourself when reading this and break off from reading if you feel the need to.

Sensitive Data: What is it, and why you should never share it.

What is sensitive data? Sensitive data can be any type of information that you may not want to share. The scope of what falls into this category is vast, but includes things like your name, address, phone number and social security number. Watch this video for more on the different types of sensitive data and why you should never share it!

MFA everything!

This session will discuss what MFA is, why it is critical to use it for all access, and strategies for implementing MFA across an organization. This presentation will also include a brief demo showing how open source software can be used to help enforce MFA when accessing servers, databases, web applications, and Kubernetes clusters. Speaker: Jonathon Canada

How To: Mitigate Log4j Vulnerabilities with the Forescout Platform

Learn how to detect vulnerable managed assets with eyeSight and potentially exploited endpoints with eyeInspect. To download the latest Security Policy Templates, login to the Customer Support Portal. For the latest IOC / Industrial Threat Library - Please log into the Forescout OT/ICS portal.

Cybersecurity Architecture: A Complete Guide to Preparing Your Organization for a Cyberattack

What is cybersecurity architecture? Is your company's cybersecurity architecture prepared for the future? This video will give you everything you need to know about how to prepare your organisation and make sure it is ready for any threats in the years ahead. Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Europol IOCTA 2021 Report: The Key Takeaways

Europol, the European Union’s law enforcement agency, recently published the 2021 Internet Organized Crime Threat Assessment (IOCTA) report. The report, which is Europol’s flagship strategic product that provides a law enforcement focused assessment of evolving threats and key developments in the area of cybercrime, highlights the expansion of the cyber threat landscape due to the impact of the COVID-19 pandemic and accelerated digitization.

Fulfilling Security Requirements for the Transportation Sector

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they were most concerned about ransomware, for instance.

Operationalizing the SOC of the Future

As technology continues to change rapidly, and so do the tactics cybercriminals use. Responding to these changes requires adapting your security operations center (SOC), or eventually, you may encounter a security incident. Security is a journey, not a destination. You don’t just become secure and move on to another project. Instead, you continuously observe, adapt, and improve.

Baselining and Hunting Log4Shell with the CrowdStrike Falcon Platform

Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely that you and your team are in the throes of hunting, assessing and patching implementations of Log4j2 in your environment.

Why Energy Infrastructure is National Security and How to Protect It

I am writing this from my home office in Texas. Texas isn’t just my home. It is the home of the best brisket on the planet, some of the most iconic high tech brands in the world, and energy production that powers the global economy. In the morning, I might meet with one of the fastest growing SaaS companies in the country about achieving the rigorous FedRAMP certification so they can sell to federal agencies.

A Look Back at the Top Data Breaches of 2021

This past year was a banner year for cybercriminals. By the end of September, the Identity Theft Resource Center (ITCR) reported that the number of breaches that had taken place over the first three quarters of 2021 had exceeded the total number of breaches in 2020.

Devo's 2022 Cybersecurity Predictions: Part Two

In part one of our 2022 cybersecurity predictions series, Devo CSO Gunter Ollmann explained the rise of XDR, the detection-as-code and response-as-code movement, and the growing interest in security tools with built-in, on-demand expertise. In this second installment of our series, I share my take on how the cybersecurity landscape will evolve. Let’s dive into it.

From 0 to Log4j Vulnerability Management: 3 Easy Steps in 3 Minutes

Most enterprises, as well as small organizations globally are now painfully familiar with the Log4j2 vulnerability (CVE-2021-44228). It has taken over the lives of all cybersecurity professionals and it appears it is here to stay for a while. Most enterprises are scrambling for solutions, applying patches if they can find the vulnerability, and trying to implement mitigation strategies. But unfortunately what security teams are doing to tackle the Log4j beast is not always enough.

Advice for SMBs to Defend Against Log4j Attacks

It’s not just about the big name companies who are vulnerable to the Apache Log4j2 vulnerability (CVE-2021-44228). Tech small businesses – which offer customers digital products but which often have tight budgets and understaffed security teams – are an important story when it comes to the implications for Log4j exploits. Research now finds that almost all environments have vulnerable Log4j libraries.

Holiday shopping? Get an amazing 75% discount offer? A case study on evaluating a special holiday sale

Malicious actors always try to be creative and find new ways to trick people into a scam. In this case a new website is offering 75% discount on all Timberland shoes. The information looks almost identical to the original page, but when looking closer questions start to pop.

Sitdown With a SOC Star: 11 Questions With MRK's Managed Security Services Director Todd Pigram

Our “holiday” edition of Sitdown gives you the gift of Todd Pigram, who began his IT career in the late 1990s as a laptop repairman. His lengthy tenure in the IT space has truly come full circle, as his role now involves helping to protect those popular endpoints, especially vulnerable in the era of heavy remote work.

It takes a community: Responding to open source criticism post-Log4Shell

The last week has been a wild ride for just about everyone in the technology world due to the public disclosure of the Log4Shell vulnerability. As a developer security company, Snyk has built our business around proactive automation to identify and fix security issues in applications. To say we’ve been busy this week would be an understatement.

Log4Shell or LogThemAll: Log4Shell in Ruby Applications

The notorious Log4Shell vulnerability CVE-2021-45046, has put Log4j in the spotlight, and grabbed the entire Java community’s attention over the last couple of weeks. Maintainers of Java projects that use Log4j have most probably addressed the issue. Meanwhile, non-java developers are enjoying relative peace of mind, knowing that they are unaffected by one of the major vulnerabilities found in recent years. Unfortunately, this is an incorrect assumption.

COVID-19 Phishing Lure to Steal and Mine Cryptocurrency

Recently, we observed a malware spam campaign leveraging the current COVID-19 situation. The emails were sent from a compromised mailbox using a mailer script. The message contains a link leading to a Word document. The email takes advantage of a COVID-19 test mandate as a pretext to lure the unsuspecting user into clicking the link and downloading the document. Figure 1. COVID-19 themed malspam with link to the malicious document.

Log4Shell PoC exploit and mitigation demo on Kubernetes

Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits. References mentioned in the video: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

How Black Duck Addresses the Log4j Zero-Day Open Source Vulnerability

Synopsys experts will demonstrate how to use Black Duck to quickly discover and remediate open source security vulnerabilities like Log4j. Black Duck Software Composition Analysis (SCA) not only helps you address open source risk, but enables you to stay ahead of the next zero-day open source vulnerability with robust scanning, detailed and actionable security information and continuous monitoring and alerting.

What Financial Services Companies Need to Know About Infrastructure Access

Ding. That is the sound of the elevator opening on the ground floor of the One WTC building in New York. We’re both there for a meeting. You, as Director of Systems Engineering for a Financial Services provider, are presenting your plans to shore up the hybrid infrastructure used to run the bank’s new crypto-based services. I’m meeting with clients who are trying to rebuild their reputation, and SOC2 certification, after a data breach.

Snyk Container in 2021: Shifting container security all the way left

No matter how you slice it, the use of containers and Kubernetes continues to swell. And recent high profile vulnerabilities-that-shall-not-be-named have shown us how important container security is for an overall application security program. Protecting your own code, your dependencies, and the containerized services you use are all a must.

Snyk IaC in 2021: Leading infrastructure as code security for developers

With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.

Elastic Security uncovers BLISTER malware campaign

The Elastic Security team identified a noteworthy cluster of malicious activity after reviewing our threat prevention telemetry. A valid code signing certificate is used to sign malware to help the attackers remain under the radar of the security community. We also discovered a novel malware loader used in the campaign, which we’ve named BLISTER. The majority of the malware samples observed have very low, or no, detections in VirusTotal.

2021 SANS Security Operations Center Report Offers Insight into Latest Industry Standards and Practices

A security operations center (SOC), which includes the people, processes, and technology needed to monitor, detect, analyze, and respond to cyber threats, is the foundation of many businesses’ cybersecurity. A SOC, however, is difficult to manage and maintain, requires significant budget and resources, and comes with many other challenges.

CrowdStrike Launches Free Targeted Log4j Search Tool

The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you have applications that are using this very popular Java library — but you are not facing this challenge alone.

Data Loss Prevention (DLP) for Salesforce

Salesforce houses high volumes of customer information, support tickets, quotes and files, synced emails, tasks & notes, and much more. This data can often be accessed by teams across the company who may leverage Salesforce to provide prospects and customers with a great customer experience. However, allowing sensitive data like PII and credit card numbers to live within Salesforce can pose security & compliance risks.

Use Egnyte to Guard Against Insider Threats from Outgoing Employees

One of the biggest societal trends of 2021 has been the “Great Resignation.” For a variety of reasons—including a robust job market and the ongoing impact of the global pandemic—an average of 3.8 million U.S. workers quit their jobs on a monthly basis so far this year. That’s on pace to be the highest resignation rate on record, and the trend recently expanded to include international locations, such as Germany and Denmark.

Netskope Achieves 100% Threat Detection as Confirmed By SE Labs 2021 On-Demand Malware Detection Certification

Co-authored by Zhi Xu and Matt Allen We are proud to share that Netskope Threat Protection has received the 2021 On-Demand Malware Detection certification from prestigious SE Labs for a third consecutive year. Specifically, Netskope performed 100% threat detection on both known malware samples and unknown malware samples during tests conducted in December 2021, with a 0% false-positive rate.

Third-Party Risk Management Framework: How to Select the Right One

Third-party technology providers can confer huge strategic advantages to a business. It allows each organization to focus on their highest value activities, but there’s a downside; new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required to manage risk and keep you and your customers safe.

The Changing Profile of the CISO: New Roles, New Demands, New Skills

The CISO’s role is never static. Over the last two decades, it has evolved beyond technical IT security. CISOs are now central to their organization when it comes to risk, compliance and governance. And this comes at a time when businesses are undergoing rapid change in the face of changing threats. In the past, the CISO or head of IT security has been an inward-facing role, ensuring compliance and keeping data secure. But that has changed, with cybersecurity teams more business oriented.

Top Cybersecurity Metrics (KPI) to Track

Cyber security KPI or other Key Performance Indicators are established in different areas of every organisation to track and monitor the progress towards attaining a certain goal or target. Cybersecurity is no exception here, and companies should maintain proper cybersecurity KPIs. There are many blog posts available around this topic but in this article, we have gathered a list of important cybersecurity KPIs that every organisation should consider.

A Review of Log4Shell Detection Methods

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Notes on Cybersecurity and Operational Risk

Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a compliance professional in any sector.

Snyk Log4Shell Stranger Danger Live Hack

In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

Snyk Code Hands-on Workshop

Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.

Hack Yourself Stockholm 2021 - David Jacoby, Jesper Larsson, Mathias Karlsson, and Shane Murnion

A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia

Application Security: Strengthen, Secure and Protect Replay

With hackers waiting to exploit any weaknesses, it's no surprise that application security has become one of the industry’s top priorities. Watch this webinar replay and gain timely ‘how-to’ AppSec knowledge that will help you protect your web applications and improve their overall security—you'll even learn some tricks and tips of your own to outwit hackers.

Review API Scanning Prescan Results

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

Review API Scanning Results

In this video, you will learn how to review Dynamic Analysis scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

The NERC CIP standards are a set of mandatory requirements for North America's bulk electric system.

They are designed to secure the assets of these essential services. There are 11 standards in total, covering everything from the protection of critical cyber assets to security management, personnel & training, incident reporting, and recovery planning. In this free eBook we explore how the continuous network monitoring capabilities of eyeInspect can streamline your compliance with these NERC CIP standards, saving you considerable time and money.

Dynamic Network Segmentation: A Must Have in the Age of Zero Trust

The IT landscape is rapidly evolving to meet the demands of our digitally transforming world and a radically changed business environment that calls for always-on performance and agility at scale. As a result, client-server computing has given way to disruptive IT architectures that reshape business and ownership models. These include private and public cloud services, 'bring your own device' (BYOD), mobility and the Internet of Things (IoT).
Sponsored Post

The Battlefield vs Red Teaming - Where the Skills Collide!

It was early 2003 in central Iraq, a couple of hours before dawn, 30 degree heat, and everything had a green tint through the night vision goggles. I was on an operation with a team from the US Psychological Operations forces (psyops) and an ODA (Operational Detachment Alpha) from the US Special Forces. We'd spent days gathering HUMINT (Human Intelligence) and undertaking reconnaissance on the target. The ODA team was set up for the assault, the psyops were ready to run diversionary tactics and I was on the team providing comms and perimeter security. Authorisation was given from above, the operation began, and the sky lit up with tracer rounds.

Featured Post

Four learnings UK organisations can take from cybersecurity research in 2021

If the opinion of every UK business leader was surveyed back in February 2020, it's very likely cybersecurity wasn't at the top of their priority list. Fast forward to December 2021, and the reality is very different. Steep rises in data breaches, ransomware attacks and phishing scams in recent months, means many organisations are frantically trying to bolster their security operations, in a bid to keep pace with the evolving and progressively more complex cyber threat landscape they are now facing heading into 2022.

New Log4j flaw: 5 reasons why organizations should worry now

The world of cybersecurity has been constantly challenged since the pandemic started. With the dust still settling, a new concern has taken the entire cyber landscape by storm. A flaw in Log4j, a widely used Java-based logging library, allows hackers unbridled access to computer systems. The vulnerability (CVE-2021-44228) affects everything from the cloud to security devices. Attackers have come up with worms that can spread independently from one vulnerable system to another.

Top 4 Malicious Domain Incidents of 2021

Cybercriminals are increasingly using malicious domains as an attack vector. Our Internet Security Report Q1 2021 already detected a 281% increase in the number of domains blocked by DNSWatch over the previous quarter, and there has been significant activity in the past year with such links exploiting the interest in COVID-19.

Log4j Incident Update - Dramatic Turn of Events

Following December 9th, 2021, the news of a Log4j Remote Code Execution (RCE) vulnerability began to grow (Figure 1). In addition to various malware families that already have utilized this vulnerability and added it to their delivery methods arsenal, more vulnerabilities related to this case were published, making Log4j, once simple Java-based logging utility, “the talk of the internet” these days.

Protect User Credentials and Manage Access Rights to Prevent Brute Force Attacks

Brute forcing user credentials is one of the easiest ways for hackers to get access to protected resources. The fewer password and access protection measures an organization has in place, the easier it is to steal or guess credentials. During the pandemic and the switch to remote work, the security posture of many organizations weakened. As a result, the amount of brute force attacks spiked from 13% in 2019 to 31.6% in 2020 according to a Kaspersky report .

Blocking log4j with Response Actions - Sysdig Secure

The situation involving the log4j ( log4shell ) vulnerability has been rapidly evolving since its release a little over a week ago. A new exploit, CVE-2021-45046, was found which was not covered by the initial 2.15.0 patch. Not long after the 2.16.0 patch was released, another issue was found, CVE-2021-45105, which resulted in the release of 2.17.0. There is clearly a lot going on in the log4j library.

6 Questions IT Leaders Are Asking About Zero Trust Network Access (ZTNA)

Given the need to support hybrid work, Gartner heavily recommends that IT leaders consider a Security Service Edge (SSE) platform for the practical implementation of a zero trust strategy. An SSE platform largely incorporates these main technologies into a single offering: ZTNA, SWG, and CASB. Gartner recommends that SSE implementation should begin by prioritizing high areas of risk by replacing remote access VPN with a modern ZTNA solution.

How to evolve your organization into a data-centric security architecture

Defense strategies have evolved as hackers have changed their schemes, and one new approach companies are putting into practice for their security plan is data-centric security. Older security models focused on network infrastructure and hardware security controls while data-centric security concentrates on the data itself. This means data should be secure at all points regardless of where it is stored, processed, or where it is in transit.

What Is Data Logging?

Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning (ML) or robotic process automation (RPA).

Snyk Open Source in 2021: A year of innovation

More than 90% of organizations rely on open source software, a reliance that introduces a significant amount of security and legal risk via either direct or transitive open source dependencies. To overcome this challenge, Software Composition Analysis (SCA) solutions are playing an increasingly important role in helping organizations successfully identify and mitigate potential security issues.

Snyk Code in 2021: Redefining SAST

Starting in early 2021, Snyk Code and became available as a freemium offering for Snyk users. Snyk Code helps developers quickly and accurately find, prioritize, and fix security flaws in proprietary code. With detailed remediation guidance at every stage of the software development lifecycle (SDLC), from the developer’s environment (IDE) to continuous integration and development (CI/CD) pipelines, Snyk Code revolutionizes static application security testing (SAST).

Leave SSL in the Dust, Turbocharge TLS with ALPN and SNI

As part of Teleport 8 we’ve made significant improvements to our routing, so much so the improvements have become a feature. Teleport 8 has new TLS routing that greatly reducing the port requirements needed for Teleport to run. Reducing the open network footprint down to a single port for your entire infrastructure and minimizing the attack surface. Want to know how we did it? Read on!

How fully remote companies can create a culture of security from day one

In 2020, millions of businesses were thrust into remote work. What started as necessity has revealed lasting benefits for both employers and employees, though. The model improved productivity and employee morale, while lowering operational costs. Between these benefits and the continued priority of worker safety, many startups are launching with a remote or hybrid approach from the outset.

The top 3 data security problems plaguing tech companies

Tech companies building cloud-native applications face a set of unique and rising data protection challenges. At Bearer, we had the chance to speak with 100+ data security and privacy professionals including Chief Information Security Officers, Directors of Security Engineering, Application Security Engineers, Data Protection Officers, Privacy Engineers, and many more. Here are the top concerns that keep them up at night.

Time for a Dynamic Software Bill of Materials (DBOM)

I recently read this article on, and it got me thinking. Why is an SBOM not dynamic and updated every time a release happens in your CI/CD pipeline? To keep up with the speed of DevOps, organizations are scaling back things like QA and SBOM updates to only look at the latest release and not focus on the components that were already part of their application architecture. Log4Shell shows that secure things don’t always stay that way.

CrowdStrike Services Launches Log4j Quick Reference Guide (QRG)

The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, making it a formidable challenge for defenders to keep tabs on the threat and their organizations’ exposure.

Recover from a Ransomware Attack with Egnyte's Self-Service Feature

Ransomware is on the rise and shows no signs of slowing. In the past year alone, major ransomware attacks have hit just about every major industry, including health care, physical infrastructure, digital infrastructure, and food. It’s no longer a matter of if, but when an organization will be attacked, which is why most companies now spend considerable resources to defend against ransomware attacks.

Netskope Advanced Analytics Simplify Risk Management Across Roles (Part 1)

Risk management doesn’t belong to one person or department at an organization. It’s a shared effort—partly because it touches on multiple roles at a company and partly because it is a massive and complex undertaking. Successful CISO’s use risk management visualization and reporting to provide a clear and easy way to understand the value of their security program.

Log4j Blindspots: What Your Scanner Is Still Missing

The popularity of the Log4j library, coupled with the ease of exploitability and severe potential impact, means Log4Shell’s blast radius is enormous – that’s old news by now. However, what’s being revealed these last few days is not just how popular it is, but how deeply rooted it is in the software we use – and this depth is creating some unique challenges in detecting it.

The Building Blocks of Neo Bank Security

Neo banks are fighting an uphill battle. Not just because they have to convince consumers to choose them over long-established institutions, but also because legislators often lack the understanding of technology as well as the eagerness to give them a fair chance. From strict AML laws and KYC processes to fraudsters and criminals looking to take advantage, neo bank security is a major concern.

How Tripwire Can Be a Partner on Your Zero Trust Journey

In a previous blog post, I discussed the different applications of integrity for Zero Trust and provided four use cases highlighting integrity in action. The reality is that many organizations can’t realize any of this on their own. But they don’t need to. They can work with a company like Tripwire as a partner on their Zero Trust journey. Let’s explore how they can do this below.

Cybersecurity in 2022 and Beyond

It’s that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it’s worth knowing that Gartner’s predictions come from Gartner IT Symposium/Xpo Americas, which ran virtually in October 2021.

What Is Digital Risk Management?

A digital security risk is any action or event that could cause loss of or damage to computer software, hardware, data, processing capability, or information. Digital risk management is an organization’s effort to keep such risks at acceptable levels. It’s crucial to understand that a risk is not the same as vulnerability. A risk is any event that could lead to an undesired outcome or loss. A vulnerability, on the other hand, is a weakness that can be exploited.

2021 Highlights and Insights: Netacea's Top 5

2021 has been a whirlwind of a year for most, with lockdown restrictions easing, businesses re-opening, and people finally being able to see their family and friends in person again. For Netacea, 2021 has been all about strengthening our remote-first team and finally venturing back into the office to meet new and old colleagues face to face once again.

Ugly Sweaters, Season's Greetings, and Cybersecurity Advice - Marketing Support

The pressure of creating products customers want to use while growing a business can take away from important priorities. Luckily, WatchGuard can support you with your marketing, whether that be web marketing, advertising, trade shows, and so much more.
Featured Post

Cybersecurity Predictions To Help Your Business Stay Safe

Cyberattacks are not a recent phenomenon, but their risk is growing. 2021 has proven that these hacks are occurring more frequently and that even the most sophisticated organisations can be threatened. The reality is that these cyberattacks will continue to be an enormous threat in 2022. Below, we have collated predictions from top cybersecurity executives on how to navigate these new challenges and ensure that your business stays safe in 2022.
Sponsored Post

Discovering vulnerable Log4J libraries on your network with EventSentry

Just when the Microsoft Exchange exploit CVE-2021-26855 thought it would win the “Exploit of the year” award, it got unseated by the – still evolving – Log4J exploit just weeks before the end of the year! Had somebody asked Sysadmins in November what Log4J was then I suspect that the majority would have had no idea. It seems that the biggest challenge the Log4J exploit poses for Sysadmins is simply the fact that nobody knows all the places where Log4J is being used.

Other Ways Remote Work Has Changed Businesses

As the pandemic continues and employees are finding themselves “stuck at home” for the foreseeable future, companies are coming up with new ways to approach overall wellbeing for their employees. Things like breakroom snacks, on-site gyms, and commuting passes are less appealing and don’t make a lot of sense. So, companies are getting creative in the ways they support their employees during remote work. Here are some of our favorite examples.

Will China's Personal Information Protection Law be a game-changer for data security?

20th August 2021, dawned a new era for China’s cybersecurity with the passing of China’s Personal Information Protection Law (PIPL) which is the first comprehensive legal attempt to define personal information and regulate its storing, transferring, and processing.

Four cybersecurity predictions for 2022

2021 has been another challenging year for businesses, not least because of the ongoing wave of cyberattacks. Everyone is hoping for some good news in 2022, but realistically, cybercrime slowing down won’t be on the agenda. Cybersecurity and avoiding the threat of data breaches is going to be front of mind for many going into next year. We’ve spoken to two members of our leadership team who’ve shared their thoughts on four trends we’re likely to encounter in 2022.

The Top 9 Cybersecurity Predictions for 2022

Cyberattacks are constantly evolving as criminals discover new ways to crack strong networks or automate attacks to target vulnerable systems. Nowadays, it seems as if cyberattacks are everywhere you look. In 2021, we faced many new attack vectors as the shift to remote work challenged traditional work operations, and we are likely to see those continue well into 2022.

Deep Dive Into PYSA Ransomware - The Monitor, Issue 18

PYSA is the most recent ransomware variant known distributed by the Mespinoza Ransomware as a Service (RaaS) gang, which has been infecting victims since 2019. Kroll has consistently observed PYSA in our incident response engagements since 2020 and has noted an increase in frequency of this variant since the second quarter of 2021. Our analysis shows PYSA is opportunistic and not restricted to one sector or geographical area.

Security Service Edge (SSE) Considerations for the Future of Work

As we all learn how to practically apply the emerging technology of Secure Service Edge (SSE), here is a significant SSE use case—perhaps the most significant, at least in our immediate future. Looking ahead to 2022, many businesses will no doubt have return-to-office plans at the front of their minds. But coming back to the office brings its own unexpected risks that security leaders need to be ready for.

Passwordless Remote Access to Windows Servers and Desktops

During my time as a penetration tester, I’ve seen many IT teams storing server catalogs with respective IP addresses and passwords in a sharable Excel sheet. This is more so true in windows server infrastructure as many organizations resort to password-based auth for local and remote access. Of course, security-conscious organizations would use a password vault. But in any case, password storage in any form is often an Achilles heel in infrastructure security.

CrowdXDR Alliance Expands to Help Security Teams Identify and Hunt Threats Faster

CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance. The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet of Things (IoT) solutions.This best-of-platform approach to XDR will help solve real-world productivity challenges that security teams face by empowering them to identify and hunt threats at accelerated speed and scale.

Snyk makes it easier to fix Log4Shell with extended free scans

Due to the recently discovered Log4Shell vulnerability, and to support the tremendous effort being mounted by the community to address it, we are happy to announce that we are increasing the free test limit in Snyk Open Source! This means that any developer, no matter the company or project, can now use Snyk Open Source to find and fix Log4Shell with double the number of free tests, whether it’s within your IDE, your Git repositories, CI environments, or using the Snyk CLI.

The Log4j2 Vulnerability: What to know, tools to learn more, and how Elastic can help

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.

View and Annotate CAD Files in Field Quickly and Inexpensively

Everyday thousands, if not millions, of dollars are wasted on delays and reworks caused by project teams not having access to the latest files. And while there are myriad reasons for this waste, one of the biggest culprits is field teams' inability to easily access CAD files on-site. Computer-aided design, or CAD, has become the backbone of most construction projects because its precision improves design quality and facilitates better communication through documentation.

What are Indicators of Attack (IOAs)? How they Differ from IOCs

Indicators of Attack (IOAs) demonstrate the intentions behind a cyberattack and the techniques used by the threat actor to accomplish their objectives. The specific cyber threats arming the attack, like malware, ransomware, or advanced threats, are of little concern when analyzing IOAs. Instead, only the sequence of events leading to the deployment of a cyber threat are considered in this cybersecurity strategy.

What is LDAP? How it Works, Uses and Security Risks in 2022

The Lightweight Directory Access Protocol (LDAP) is an open-source application protocol that allows applications to access and authenticate specific user information across directory services. LDAP is a lightweight version of Directory Access Protocol (DAP) LDAP works on both public networks and private intranets and across multiple directory services, making it the most convenient language for accessing, modifying, and authenticating information in any directory.

Major Updates to the Cybersecurity Maturity Model Certification: What You Need to Know

The United States Department of Defense (DoD) views securing the supply chain and the Defense Industrial Base (DIB) as one critical pillar in protecting national security. Dedicated security requirements exist for the protection of federal information systems as well as classified information based on the NIST 800-53 standard. However, several years ago, a gap was identified in the security requirements for the protection of non-federal systems and controlled unclassified information (CUI).

Revisiting the Relevance of the Industrial DMZ (iDMZ)

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity.

Software Bill Of Materials: What is an SBOM and How Do I Use It?

Just like you’d find all the ingredients on a package of food, a software bill of materials is a list of all the components contained in a software product. Vendors typically create these bills to describe what the components are. In addition, a Software Bill of Materials also includes information about these components’ dependencies and their hierarchical relationships.

CVE-2021-45105: New DoS Vulnerability Found in Apache Log4j

Just a few days after CVE-2021-45046 was released and fixed, a third zero-day vulnerability was discovered in Apache Log4j, tracked as CVE-2021-45105. The bug was reported on December 15, 2021, and disclosed on December 18, 2021. This third vulnerability has received a CVSS score of 7.5 out of 10, whereas the first one known as Log4Shell (CVE-2021-44228) received the maximum CVSS score of 10 due to its criticality.

11 big predictions for cybersecurity in 2022

After the Covid-19 pandemic accelerated digital transformation and shifted businesses to online first, cyber-attackers exploited a broader, more sophisticated attack vectors. The rollout of 5G, reliance on supply chains, and increased use of application programming interfaces (APIs) means businesses have more cyber-related vulnerabilities.

SecurityScorecard CISO Mike Wilkes talks about 2022 Cybersecurity Predictions

There's never been a more important time to strengthen your cybersecurity posture. Hear what SecurityScorecard's Chief Information Security Officer, Mike Wilkes, has to say about 2022 Cybersecurity Predictions. He'll also share key ways you can improve your cyber posture going into the new year.

Live Hacking: Find Vulnerabilities in Your Apps Before Hackers Do

As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?

The CrowdStrike Falcon OverWatch SEARCH Threat Hunting Methodology

The CrowdStrike®️ Falcon OverWatch™️ team is one of the industry’s most sophisticated threat hunting teams, responsible for continuous hunting across a massive global data set. Key to the team’s success is OverWatch’s carefully tuned methodology, SEARCH, which supplies the framework needed to balance the people, process, and technology, providing successful threat hunting results every minute of every day and leaving the adversary nowhere to hide.

Using Arctic Wolf's Open Source Log4Shell Detection Script

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, Arctic Wolf’s Log4Shell Deep Scan is now publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Advanced Custom Fields

Advanced concepts in custom measures. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

How to Find and Eliminate Blind Spots in the Cloud

Visibility in the cloud is an important but difficult problem to tackle. It differs among cloud providers, and each one has its own positive and negative aspects. This guide covers some of the logging and visibility options that Amazon Web Services (AWS) and Google Cloud Platform (GCP) offer, and highlights their blind spots and how to eliminate them.

Reduce Active Directory Security Risks

Since a majority of the breaches are credential based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.

Log4j Vulnerability CVE-2021-45105: What You Need to Know

A third Log4j2 vulnerability was disclosed the night between Dec 17 and 18 by the Apache security team, and was given the ID of CVE-2021-45105. According to the security advisory, 2.16.0, which fixed the two previous vulnerabilities, is susceptible to a DoS attack caused by a Stack-Overflow in Context Lookups in the configuration file’s layout patterns. What is this CVE about? What can you do to fix it? How does it differ from the previous CVEs?

CISO Interview Series: What Are Some of the Key Components to Succeeding as a CISO in Today's Business Environment?

The role of the modern CISO is more than understanding the technical side of the business. In fact, the role consists of even more than understanding the business side of the business. When I spoke with Ian Thornton-Trump, he was able to shed light on how important effective communication and team-building are to the overall success of a modern CISO. His insights can be valuable to any person currently in a CISO position and also to anyone looking to embark on the path to becoming a successful CISO.

AuthPoint Risk Framework - Geofence Risk Policy

The geofence risk feature is available in WatchGuard Cloud and provides advanced risk-based authentication capabilities to customers and partners. Two key benefits include enhanced real-time incident management and limited exposure by configuring rules that block attempts from unauthorized geographies.

Detecting Log4j exploits via Zeek when Java downloads Java

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered

Overnight, it was disclosed by Apache that Log4j version 2.16 is also vulnerable by way of a Denial of Service attack with the impact being a full application crash, the severity for this is classified as High (7.5). Snyk is currently not aware of any fully-fledged PoCs or exploits in circulation. CVE-2021-45105 has been issued, and a new fixed version (2.17) has been published by Apache which we recommend upgrading to.

Ultimate Guide to DevSecOps

DevSecOps meaning (Development, Security, and Operations) primarily aims to automate security in each part of the software development lifecycle. This modern approach to the way software development companies integrate security is a far cry from the past when security was often an afterthought. Furthermore, software security was implemented and tested by an external team, creating a disjointed process.

What is Dynamic Application Security Testing (DAST)?

DAST, meaning Dynamic Application Security Testing, is a form of black-box security testing. It simulates external attacks on a live application, checking for vulnerabilities. DAST tools don't have access to the source code. Instead, they’re only able to check for vulnerabilities that get exploited by bad actors. Generally, DAST runs in a QA environment, and it has to be running on a functional product. This means that DAST is usually run towards the end of a development cycle.

Part 4: Using Veracode From the Command Line in Cloud9 IDE

It’s Clint Pollock, principal solutions architect, here for the final lesson in the four-part series on how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan and a dynamic scan. To start, if you’re looking to leverage the Veracode API signing docker image with the Veracode rest APIs, go to the Help Center, go to the Rest API section, and take a look at the available options.

Five worthy reads: Congratulations! You have just been socially engineered

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about social engineering, its types, its evolution, and how to avoid falling victim to a social engineering attack. Kevin David Mitnick is considered one of the most famous social engineers among the IT community. Kevin is now a top cybersecurity speaker and a best-selling author.

Has the pandemic increased the burnout rate in the Cybersecurity profession?

In the last 18 months, many people have learned a lot about themselves. The solitude of lockdowns, isolation, remote work, and seemingly endless video meetings have taxed everyone’s mental health. One would think that cybersecurity would have been unaffected by these shifts in working environments and habits. After all, many of us are introverted by nature, which is one of the reasons often cited as why we gravitated towards technology as our chosen path.

Database Security: How Cloud DLP Can Help Protect Sensitive Data

Some of the most damaging data leaks have resulted from poor database security. In March 2020, 10.88 billion records were stolen from adult video streaming website CAM4’s cloud storage servers. In March 2018, 1.1 billion people were the victim of a breach of the world’s largest biometric database, Aadhaar. And, in April 2021, 533 million users had their information compromised when a Facebook database was leaked on the dark web for free.

What is supplier due diligence?

Supplier due diligence is an action taken by an organisation to identify and understand the credibility and suitability of a prospective partner or vendor. Conducting supplier due diligence can help guide decision-making when choosing the right vendor, detect risks with potential suppliers and protect customer data in the process. It's also considered good business practice and can help mitigate future financial and reputational damage caused by a data breach.

Weekly Cyber Security News 17/12/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. If you have been (luckily) hiding under a stone this week you might not be aware of a major global infosec disaster that has been on going unfolding since last weekend. As usual it is a key component included in so many other products that has a 0-day. You might want to check Twitter right away…

The Security Service Edge: EXPLAINED

Security service edge (SSE) will be one of the most talked about subjects in 2022, and beyond. The problem is not many IT leaders understand what SSE is, how it differs from SASE, what to look for when selecting one, or the value they provide for the business. In the video below I demystify SSE. Enjoy. If you are interested in learning more about SSE feel free to speak with our team here at Axis! We’d be happy to provide a quick demo of our SSE platform

SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors

There's little question that you've already heard about the recently discovered security flaw related to Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j and what organizations can do to combat it.

How Kroll is Handling CVE-2021-44228 (Log4J / Log4Shell)

A critical vulnerability has been recently discovered in the Apache Log4j Java logging library (CVE-2021-44228), a library used in many client and server applications. The Log4j library is commonly included in Java based software including multiple Apache frameworks such as Struts2, Solr, Druid and Fink. The library provides enhanced logging functionality for Java applications and is commonly used in business system development.

Locking Your Domain Name Helps Fight Cybercrime

Ransomware and cybercrime have had a major presence in the media this past year with some very prominent attacks happening in 2021 making headlines as well as government-issued executive orders emphasizing the need for stronger cybersecurity. This has resulted in many organizations taking action to bolster their security efforts which can make it difficult for cyber criminals to successfully conduct their attacks.

Simulating, Detecting, and Responding to Log4Shell with Splunk

For more information on how to respond to the Log4j vulnerabilities using Splunk products, please see our Log4Shell response overview page. Like most cybersecurity teams, the Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Log4j attack vector. This post shares detection opportunities STRT found in different stages of successful Log4Shell exploitation.

Log4j Doesn't Have to Dampen Your Holiday Spirit - Remediate Quickly with the Right Tools

Given the holiday season, I suppose it’s timely to label the recent Log4j vulnerability as the “vulnerability gift that just keeps on giving.” A quick scan of the headlines is all one must do to understand my sarcasm: Cyberscoop reports that The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the Log4j vulnerability will likely affect hundreds of millions of devices and that the vuln “is one of the most serious…if not the most serious” seen by t

Review and Approve GxP Documents with Egnyte

Multiple team members within a life science company may need to periodically review and approve GxP documents for compliance purposes, including those on the clinical, regulatory, quality and product teams. And with so many parties involved, you need to establish a clear and uniform set of instructions to ensure the process is a success.

Snyk + Dynatrace workshop: Integrating for real-time vulnerability detection

Since 2019, Snyk and Dynatrace have partnered with a shared mission of securing the entire software development lifecycle (SDLC) and accelerating digital transformation. As many agile organizations migrate their workloads to the cloud, it’s tempting for teams to let security take a back-seat until all the pieces of the infrastructure puzzle are in place.

Pfizer IP Leak Isn't Unique. Protect Your Cloud Data With Proactive Encryption.

The pharmaceutical company Pfizer recently acknowledged that thousands of internal documents were leaked, including trade secrets related to its COVID-19 vaccine. In a California lawsuit, Pfizer stated that a former employee had exfiltrated sensitive data to their personal cloud accounts and devices while they were still working there.

The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

Arctic Wolf Releases Open Source Log4Shell Detection Script

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

The State of Security in the UK: Lessons from the NCSC Report

The National Cyber Security Centre (NCSC) recently released its fifth annual review of the state of cybersecurity in the United Kingdom. The report is presented under five headings including an analysis of and response “The Threat,” advice for resilience, advances in threat detection and prevention technology, improving the cybersecurity ecosystem, and global leadership. The overarching message of the report is to provide safety for all online activities of all UK citizens.

December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities

It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs SecOps staff must regularly implement to keep adversaries from infiltrating their organizations’

Best Practices of Cybersecurity Risk Management

Cyber threats are everywhere, regardless of your organization’s size or industry. Businesses today must adopt a systematic, disciplined cybersecurity plan to secure vital infrastructure and information systems — that is, a cybersecurity framework. Cybersecurity risk management encompasses identifying, analyzing, assessing, and addressing cybersecurity threats to your organization. In this sense, the first part of any cyber risk management program is a cybersecurity risk assessment.

Hangin' with Haig: Conversations Beyond the Keyboard with Guest cyber threat hunter, Jessica O'Bryan

ThreatQuotient's Director of Alliances, Haig Colter, assumes the role of host in our series Hangin’ with Haig: Conversations Beyond the Keyboard. In our upcoming episode, we welcome Jessica O’Bryan, Cyber Threat Intelligence & Threat Hunt Development Lead for the Cyber Security Operations Center (CSOC) at Viasat. Haig will dive into Jessica’s journey in the cybersecurity industry and her love for rock climbing and surfing. In order to follow her passion for the outdoors and sports, Jessica has traveled throughout the west coast in a camper. Join us and listen in on Jessica's incredible adventures.

DevSecOps and Data Engineering

As security is adopted more in the shift left devsecops approach it brings with it a re-examining of the full SDLC. This is increasingly important not only as part of security policies and app handling but also ensuring the protection of infrastructure, data and end user app experiences. In this Snyk Live episode we are joined by Saman Fatima, sharing experiences around security practices and approach. Looking at DevSecOps practices like IAM and how security can apply to data engineering.

How do we solve a problem like Log4shell?

With the infamous Log4shell vulnerability spread far and without any direct fixes available yet, what do we do? Our panel of Java champions discuss the immediate reality, the near term solutions, and how the community can help itself and its members Speakers Host - Randall Degges | Head of Developer Relations & Community at Snyk Ana-Maria Mihalceanu | Developer Advocate Red Hat Martijn Verburg | Principal Engineering Group Manager (Java) at Microsoft

Survey: Security and Federal Government

Tripwire and Dimensional Research surveyed 306 security professionals, unveiling the private sector's request for further action from the federal government to ensure the security of its data and systems. So then why have only roughly 49 percent of non-governmental agencies fully adopted the NIST standards? And why do 24 percent of federal respondents believe they are falling behind when it comes to preparedness to face new threats and breaches?

Arctic Wolf Cloud Detection and Response

Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.

How to Keep Your Data Secure in Light of Apache Log4j Vulnerabilities

In quick succession in December, The Apache Software Foundation released information on two critical vulnerabilities in its Log4j Java-based library. The first vulnerability CVE-2021-44228, also known as Log4Shell or LogJam, was reported as an unauthenticated remote code execution (RCE) vulnerability. By exploiting how the library logs error messages, it could lead to a complete system takeover.

LOG4J security vulnerability (Log4Shell)

On Nov. 24th 2021 a severe security vulnerability, called “Log4Shell”, has been reported in the JAVA framework “Log4J” 2.x which is widely used for event logging in JAVA applications worldwide. The vulnerability allows cyber-attackers to execute arbitrary code by injecting it into a logging process implemented in Log4J. The “Log4Shell” vulnerability allows complete server takeover by the attackers.

Six of My Favorite Styra Declarative Authorization Service Features

Open Policy Agent (OPA) allows developers to accelerate time to market and focus on their differentiated work, instead of spending their time figuring out how they are going to write bespoke authorization policies. With OPA handling authorization decisions across the stack, each service, app or platform API just has to handle enforcement of OPA decisions.

How to Respond: The Apache Log4j Vulnerability Clearly Explained

The Apache Log4j vulnerability has been assigned the most critical cyber threat rating of CVSS 10. For a concise overview of the zero-day, and to learn how to secure your systems against its exploitation, all of the popular FAQs concerning this vulnerability have been conveniently compiled in this post.

What is an Advanced Persistent Threat (APT)?

An Advanced Persistent Threat (APT) is a cyberattack campaign where a threat actor establishes a long-term presence inside a breached network to continuously steal sensitive data. In order to evade detection throughout the entire APT attack life cycle (which could last for many years), these cyber threats must always exceed the evolving sophistication of common security controls. The advanced attack methods of APT groups makes this cyber threat significantly more difficult to intercept.

'Tis the Season for Payment Fraud: 5 Top Holiday Shopping Risks

Holiday shopping is right around the corner, but unfortunately, Black Friday isn’t just an opportunity for shoppers and retailers — it’s also an opportunity for cybercriminals. While criminals have always been attracted by the money that changes hands on Black Friday, the last couple of years have been a magnet for cyber attacks. The pandemic means that more people than ever shopped online in 2020 — with shoppers spending $14.13 billion online last year on Black Friday.

How to Become a Certified Kubernetes Administrator?

Without a doubt, Kubernetes is the most prominent container orchestration tool. And you’ve probably noticed that many positions available to IT professionals require Kubernetes experience. One way to gain or prove your Kubernetes knowledge is by becoming a Certified Kubernetes Administrator (CKA). This certification is issued by the Cloud Native Computing Foundation (CNCF) in collaboration with the Linux Foundation. They offer three Kubernetes related certifications.

A Guide to ThreatQuotient's Top Blogs for 2021

We know that keeping up with cybersecurity news can be a challenge. The threat landscape continuously evolves, and defenders must stay apprised of the latest innovations and best practices to better protect their organizations. So, throughout the year, ThreatQuotient publishes a steady stream of blogs with insights to help you optimize your security operations and accelerate detection and response.

Run out of Netflix options? Check out our Most Popular Webinars for 2021

We’re fortunate to have a depth and breadth of cybersecurity expertise here at ThreatQuotient, and through our partner network. And we take great pride in sharing that expertise with you in the form of high-quality, informative webinars throughout the year. In 2021, we covered a lot of important topics and wanted to make sure you didn’t miss our top five webinars for the year. Scan the overviews below and click on the links to watch those that capture your attention.

2022 software security predictions that should be on your radar

To paraphrase the familiar yuletide song, in the world of IT this is “the most speculative time of the year.” True, tying predictions to the regular calendar may be a bit out of sync for much of the business and government world—the federal fiscal year begins on Oct. 1, and here at Synopsys we say Happy First Quarter on Nov. 1. But we all still celebrate the new year on New Year’s Day.

Why Vulnerability Management is Foundational to Cybersecurity in Financial Services

The ability to effectively manage vulnerabilities in an efficient and strategic manner is critical for companies. The ongoing practice of identifying, classifying, prioritizing, and fixing software vulnerabilities should be a key component of the development process. If it’s not, teams might turn out applications that contain vulnerabilities with consequences ranging from mild annoyances to disastrous security breaches.

The Top Cybersecurity Trends to Watch in 2022

Right now, cybersecurity is more important than ever. Major changes to how we work and live — like the pivot to remote work or the growing use of IoT (internet of things) devices — have created new cybersecurity vulnerabilities and challenges. Businesses will need new strategies to respond to the changing cybersecurity threat landscape. These cybersecurity trends are likely to show where the field is moving in 2022 and how businesses should prepare.

Building Endpoint DLP to Detect PII on Your Machine in Real-Time

Endpoint data loss prevention (DLP) discovers, classifies, and protects sensitive data – like PII, credit card numbers, and secrets – that proliferates onto endpoint devices, like your computer or EC2 machines. This is a way to help keep data safe, so that you can detect and stop occurrences of data exfiltration. Our endpoint DLP application will be composed of two core services that will run locally.

Khonsari: New Ransomware Delivered Through Log4Shell

While many organizations are patching the two recent Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), attackers have been racing to exploit them to deliver malware, such as botnets, backdoors, and cryptominers. Among the threats delivered using Log4Shell exploits, a new ransomware family was found by Bitdefender: Khonsari.

Infrastructure is a disaster. The lessons from Log4J.

New day. New threat. New technology to combat said threat. Sound familiar? The threat landscape is continually evolving and getting more sophisticated, and, in an attempt to keep up, many organizations are quick to adopt the latest buzz-worthy product. This is a recipe for disaster.

Security in context: When is a CVE not a CVE?

At Snyk we have some general points of principle that we use to help guide our security thinking and decision making. Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clearly need to protect it even from users with physical access to the system.

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.

Log4j Vulnerability CVE-2021-45046 Explained

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

The "Office of the CISO": A New Structure for Cybersecurity Governance

When it comes to cybersecurity governance and management, there is no “one size fits all” approach. Today’s CISOs have a far wider range of responsibilities than their predecessors as heads of IT security. The CISO role is no longer purely technical, focused on hardware and endpoint protection and on operations within the organisational perimeter. Today’s CISO is as likely to be involved with software security, cloud applications, security awareness, and user training.

Use Egnyte To Reduce Content Sprawl in Microsoft Teams

Microsoft Teams has exploded in popularity in recent years, going from 2 million users in 2017 to roughly 250 million today. That growth is due in no small part to the disruptions caused by the global pandemic, with employees working from home and still needing to collaborate.

Automate Your Cloud Operations With Humio and Fylamynt

A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their cloud operations teams by automating repetitive and manual operations tasks. Fylamynt, a low-code platform that delivers a developer’s approach to ITOps with site reliability engineering (SRE), works with Humio to empower faster response times to critical operational issues, reduce human error and increase productivity so DevOps teams can focus on adding value through innovation.

log4jShell - Do you know what you don't know?

Is it just me or is the announcement of a significant CVE becoming a holiday tradition? Discovered on December 9, 2021 by Minecraft players, the Apache Log4Shell vulnerability is a uniquely insidious because it infects servers which are traditionally well insulated from attacks and perceived as unreachable by an intruder and not at risk for CVEs. Log4Shell is an entirely different can of works that proves this assumption wrong.

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Preparedness, Speed and Communication are the Cornerstones of a Solid Ransomware Defense

Ransomware attackers today have the technical skill and tools to analyze a target’s defenses and like a band of guerilla operatives attacking a more power adversary, the attackers avoid the teeth of the defense and hit their victim at its weakest point. All while layering in new tactics to force their victims to pay a ransom. To be prepared for this threat, an organization must have a plan in place to deal with the myriad of new tricks ransomware attackers have developed over the last few years.

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Cloud File Sharing for Managed Service Providers (MSPs) Overview

In this video, Director of MSP Community and Enablement, Eric Anthony, gives an overview of Egnyte and how you can tailor our cloud file sharing tool to the needs of your clients. As a Managed Service Provider or MSP, referring your clients to resources that best fit their needs is imperative to fostering a long-term working relationship. At Egnyte, we give you the support you need to help your clients make informed decisions to keep collaboration simple, adhere to industry-specific regulations, and most importantly, keep their data secure.