At first glance, DevSecOps and Agile can seem like different things. In reality, the methodologies often complement each other. Let’s see how. Agile is a methodology that aims to give teams flexibility during software development. DevSecOps is about adding automated security to an existing automated software development process. Both are methodologies that require high levels of communication between different stakeholders and continuous improvement as part of the process.
Mobile phone apps are more popular than ever with a rapidly expanding user base each year. They have literally made everything come to the fingertips of the users and there’s a significant demand for mobile apps for just about everything, generating great competition and pressure among app developers around the world.
This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 million) theft due to a fraudulent NFT scheme.
In this blog post, we discuss the key security issues of the last year and explore what this could mean for 2022. With the continuous exploitation of vulnerabilities which took place in 2021 likely to continue in 2022 and beyond, organisations can benefit from conducting tabletop exercises using some of the scenarios presented below.
Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in a unified offering of advanced, military-grade threat hunting, detection, response and remediation capabilities.
In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog has proven to be beneficial in identifying process execution and file access on systems.
This weekly cybersecurity news overview provides a brief recap of the most important and interesting stories that dominated headlines in the past seven days.
The SSH agent (ssh-agent) is an SSH key manager that stores the SSH key in a process memory so that users can log into SSH servers without having to type the key’s passphrase every time they authenticate with the server. In addition to the key management feature, SSH agent supports agent forwarding, which helps to authenticate with servers that sit behind a bastion or jump server.
Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis (), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.
At SnykCon 2021, there were a number of insightful talks from companies that were able to build successful AppSec programs. As the Lead Platform Architect at Lunar and a Cloud Native Computing Foundation (CNCF) ambassador, Kasper Nissen’s presentation was no exception. In this post, we’ll recap Nissen’s talk about how his security team at Lunar was able to shift security left while building a cloud native bank.
Let me begin by stating the obvious: The cyberattack surface is growing exponentially and diversely. Essentially, it’s a bigger shark and we’ve got the same small boat. The environments, platforms, services, regions and time zones that constitute modern enterprise operations and drive digital transformation for business continue to require increasing specialization and expertise beyond current in-house capabilities.
Nowhere is this more apparent than in DevSecOps where developers and releases outnumber security experts by thousands to one. It’s simply not feasible for the security teams to manually tackle flagged issues with any kind of accuracy—and have any time left in the day to - you know - eat and sleep!
I recently ran an unofficial poll on LinkedIn asking how people found every instance of Log4J in their application portfolio. The options I gave were CMDB (Configuration Management Database), SBOM (Software Bill of Materials), SCA (Software Composition Analysis), and internal detective work. The overwhelming majority, 54% to be exact, said internal detective work. These results got me thinking as organizations spend millions of dollars a year on CMDB, SBOM, and SCA technologies.
Passwords have been the long-time guardian of our personal lives and data ever since the dawn of the internet. Though passwords might still retain most of their relevance, they are not robust enough to protect today’s digital economy.
This blog was written by an independent guest blogger. There are more online stores and services available than ever, and you are able to shop for almost anything online whether it's groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose reputable businesses with strong security. Although there are standards for online businesses to follow, some have better safety measures in place than others.
The market for penetration testing is expected to reach $3.1 billion by 2027, rising at a market growth of 12% CAGR during this time. Fueled by the rising number of mega-breaches and more sophisticated attacks, IT teams are taking a more proactive approach, using penetration testing to validate and improve their security configurations. As more organizations do business on SaaS and cloud programs, penetration testing is becoming an important complement to cloud data loss prevention tools.
As our online lives become subject to new and evolving threats, we’re doubling down on protecting the digital privacy and peace of mind of everyday people – at home and at work. 1Password has raised $620 million (USD) in the largest funding round ever for a Canadian company. Our latest round was led by ICONIQ Growth, with participation from other wonderful partners including Accel, Tiger Global, Lightspeed Venture Partners, and Backbone Angels.
Increasingly, life science companies are applying omics-based testing to clinical trials. These tests support precision medicine models for the study of rare cancers and other diseases. Genomics research tests, for example, can help account for diverse drug responses and outcomes caused by genetic differences in trial participants.
Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear.
The Cambridge Dictionary defines a policy as: “a set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government, or a political party.” And in the context of software development, your organization may have some rules about how a policy is built, configured, deployed, and used. Some examples of software policies include.
When a large government agency decided to refresh its infrastructure down to Layer 2 switches, Forward Networks data delivered over $6 million in savings. Like many companies around the world, this organization had challenges getting full visibility and the structure of its network, which had grown organically over time.
The retail sector has its own unique cybersecurity risks, especially given the growing emphasis on online commerce. The trend toward purchasing goods and services on the internet has been going on for years. But the volume of e-commerce has seen a sharp increase since the beginning of the pandemic, when many physical stores were forced to lock down or consumers simply opted to buy online rather than visiting brick-and-mortar locations.
Z3 is a satisfiability modulo theories (SMT) solver developed by Microsoft Research. With a description like that, you’d expect it to be restricted to esoteric corners of the computerized mathematics world, but it has made impressive inroads addressing conventional software engineering needs: analyzing network ACLs and firewalls in Microsoft Azure, for example.
Software development cycles have changed immensely in the last ten years. New practices and design philosophies are being tried every day. One of these practices is CI/CD pipelines, utilizing aspects of agile software development paired with automation and robust testing. In this post, we’ll be covering all aspects of CI/CD, as well as some popular CICD tools your organization can use to implement a CI/CD pipeline.
How prepared is your business to fend of bad actors seeking to infiltrate your network systems and breach your data? Imagine, if you will, the following scenario: It’s 5:30 am, and an employee has just clicked a malicious link in a phishing email. An attacker, armed with ransomware, has just gained access to your enterprise.
Unique open source licenses provide amusement for developers but they create extra work for legal teams overseeing a company’s IP. Several of my open source friends had the same reaction when they heard of the death of Bob Saget. Sadly, the actor/comedian passed away last week at a relatively young age, and with him went an increment of open source license risk. Wait… what?
The increasing number of yearly reported data breaches and new critical vulnerabilities, such as log4j, impacting both small and large businesses shows that cyberthreats are real and targeting everyone. You can minimize risk by implementing runtime security and having an incident response plan in place to contain attacks. But, in container environments, responding fast to incidents is challenging.
On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.
From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems.
There are truisms that span history. One truism is that a single mistake can lead to disaster, and to some extent the series of vulnerabilities affecting the organizations that use Apache Log4j.
Kubernetes is an open-source platform for governing clusters of containerized application services. Kubernetes automates the vital aspects of container lifecycle management, including scaling, replication, monitoring, and scheduling. The central component of Kubernetes is a cluster, which is itself made up of multiple physical or virtual machines.
The modern digital environment is more risky than ever before, and the incidence of cyberattacks only increased throughout the COVID-19 pandemic. In this day and age, even the most robust security systems may still be penetrated or breached by a sophisticated cyber-attack. This means companies can no longer afford to be complacent about security.
When an unfortunate event occurs, people tend to be curious about who was responsible for the event. It can be interesting and helpful to know who your enemy is and what their motives might be. But in cybersecurity, the primary focus is ultimately on preventative and detective measures to avoid similar issues. Let’s use a recent example to illustrate this point below.
In case you missed it, Samsung Knox has verified Mobile Device Manager Plus as a Knox Validated Partner solution. This means that our EMM solution meets its business-level requirements for 2022, and that we support a wide range of features to help you get the best out of all your mobile devices that support Samsung Knox capabilities.
So, to what extent are we able to protect ourselves from Cybersecurity events? With the alphabet soup of acronyms out there such as NIST, ISO, SOC, CISA, DevSecOps, etc…… protecting your business from Cybersecurity threats can be overwhelming. Making Cybersecurity a priority can save your business down the road. Threat Actors, once in, may lay dormant for months much like a human virus.
Israeli cybersecurity researcher and analyst Ido Hoorvitch has published the results of an experiment he conducted on residential Wi-Fi networks and the findings were surprising: he was able to crack about 70% of the hashes from residential Wi-Fi networks in one Tel Aviv neighborhood.
In my first blog in this three-part series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response.
BFSI (Banking, Financial Service and Insurance) organizations have remained a primary target of cybercriminals over the last several years. Given the amount of sensitive data that the BFSI sector has to deal with, they become an obvious goldmine for hackers and that is why they have to prioritise cybersecurity above all else. As a matter of fact, more than 70% of fintech companies cited information security as their top concern in the Sixth Annual Bank Survey.
Snyk Code provides a new generation of static application security testing (SAST). It uses a unique process that uses machine learning to rapidly grow its knowledge base and a Snyk security engineer to assure the quality of the rules. As a result, the Snyk Code knowledge base grows exponentially and results in an industry-leading high accuracy. On top of that, Snyk Code provides real-time scanning so developers can use it right from their favorite IDE.
Learn about the five cryptography best practices every developer should follow to secure their applications. Cryptography is a huge subject with dedicated experts, but that doesn’t mean developers can leave it entirely to their security teams. Building security into DevOps means you need to understand how to deliver secure, high-quality code at velocity. Having some basic cryptography under your belt will help.
Our security research team will explain a real attack scenario from the black box and white box perspective on how a vulnerable AWS Lambda function could be used by attackers as initial access into your cloud environment. Finally, we show the best practices to mitigate this vector of attack. Serverless is becoming mainstream in business applications to achieve scalability, performance, and cost efficiency without managing the underlying infrastructure.
Lack of access accountability and unmonitored access create a considerable security risk for organizations, and the best way to mitigate this challenge is by implementing identity-based access.
No sooner did word start to spread about Apache Log4j that the usual torrent of blaring headlines, vendor marketing, and tips and tricks-style “information” quickly followed. You can find plenty of solid technical analysis out there about Log4j, and we’ve already posted information about Netskope protections and threat coverage from Netskope Threat Labs. But that’s not this post.
Here at Nightfall we ensure that we are always using the most appropriate technology and tools while building services. Our architecture involves serverless functions, relational and NoSQL databases, Redis caches, Kafka and microservices written in Golang and deployed in a Kubernetes cluster. To effectively monitor and easily troubleshoot our services, we use distributed tracing across our services.
Remote learning is now an inevitable reality for academic institutions. Even before the pandemic, remote learning was on the rise. The pandemic has only made that trend more pervasive and dominant across institutions, most notably among the public schools. The Multi-State Information Sharing and Analysis Center (MS-ISAC), a federally funded threat intelligence and cybersecurity advisory organization, recorded a 19% increase in cyberattacks targeting K-12 schools in the 2019-2020 school year.
Spending on security and risk management is soaring worldwide. But exactly which improvements should you focus on next to best strengthen your cybersecurity program? For many organizations, building a solid information security architecture should be at the top of the list. Read on to learn how what information security architecture is and how it can help you protect your critical IT assets from security threats with less work and worry.
Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of technology ecosystems and emerging threat vectors—all the way to Version 8 and the 18 Controls contained therein.
As we begin a new year, many organizations will enter a “goal-setting and strategic planning” season. During this time, individuals are re-energized and motivated to record new accomplishments for their professional development. Traditional corporate goal setting aligns with fiscal calendars and forces companies and individuals to build goals in chunks of 365 days. But why set your deadline based on the Earth’s orbital period?
Cyber security is a crucial element of the digital age. You may not notice it, but cyber attacks are happening every day to companies and individuals alike. We’ve got you covered with this detailed guide on the importance and benefits of cyber security along with the mitigation strategies and tips for protection against cyber attacks.
Third-party risk management (TPRM) has grown in prominence as organizations increase their reliance on external parties, from cloud providers to credit card processors. As more enterprises invest in this critical business function, certain best practices are becoming key to a successful TPRM program.
Millions of workers are leaving their jobs after enduring stay-at-home lockdowns and reflecting on what they need to be truly happy and healthy. While the ‘Great Resignation’ could have a positive impact on society, it also represents a security risk for businesses of all sizes.
For the last decade, AWS has dominated the cloud computing space with a plethora of cloud services. One of AWS’ great innovations was AWS Fargate, their first containers as a service (CaaS) offering. Prior to the introduction of Fargate, those building in the cloud were forced to choose between IaaS paradigm-focused containers or FaaS-focused serverless functions.
The FBI recently warned and advised on a current scam in which bad actors mail malicious thumb drives in packages and trick recipients into thinking there is a legitimate reason for connecting the thumb drive to their computer. Let’s be clear. DON’T. Don’t stick that thing in your computer. You don’t know where it’s been!
The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up whether due to supply and demand issues, wait times at shipping ports, or any number of other delays.
Now is a great time to look back on cybersecurity statistics for 2021. They can help IT professionals understand which issues from last year may carry over into 2022. However, it’s also useful to gain expert insights on likely cybersecurity scenarios impacting this year. Knowing about threats makes it easier to combat them. Here are 10 cybersecurity statistics from 2021 and five predictions for 2022.
The California consumer privacy act (CCPA) is a law that was passed in 2018, and it is in effect from January 1st 2020. The California attorney general’s office has not taken any enforcement action against firms that did not meet the standards until July 1st 2020. A lot of people are unsure about what this new law means for them. Like the GDPR, there are significant penalties for non-CCPA compliance and potential loss of consumer loyalty.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. In an act of ‘revenge’ or retaliation against the unpaid or even unaccredited use of FOSS by commercial entities, one developer did something that has created a large amount of discussion (which is a good thing) but at what cost?
Companies are increasingly moving their IT operations to IaaS (infrastructure-as-a-service) solutions. Gartner estimates that by 2022, about 60% of business entities will be leveraging cloud-managed offerings, doubling the recorded use in 2018. Cloud offerings like Amazon Web Services (AWS) are generally secure. But since IaaS uses a shared security model, there's a great chance of data security issues, including cybersecurity and workload concerns.
Manufacturing is one of those industries that seems like a natural fit for vulnerability management, in part because these companies can be such easy targets for cyber criminals. Manufacturers in many cases operate far-flung, global facilities including factories, warehouses, and other distribution points. Increasingly, these different facilities are connected as companies look to modernize their operations through digital transformation.
Just as the move to DevOps required a cultural shift, incorporating security into a DevSecOps initiative typically requires a delicate dance between developer and security teams. The two groups historically haven’t seen eye to eye and view one another with distrust.
Assessing the security risks of critical infrastructure organizations is a bit of a challenge, because the category includes multiple industries. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), which leads the nation’s effort to manage and reduce risk to cyber and physical infrastructure, identifies 16 critical infrastructure sectors.
SSH servers are a common target for brute-force attacks. This is even more true if your infrastructure sits behind an SSH bastion because attackers have no choice but to compromise the bastion host either by exploitation or denial of service. In this article, we will list a few controls which will help you harden your SSH servers from brute- force attacks.
Arctic Wolf joins the Gartner Peer Insights Customer First Program in the vulnerability assessment and managed detection and response service. The members of the Arctic Wolf team are excited to announce that we have pledged to be a Customer First vendor in the vulnerability assessment and managed detection and response service. Our team at Arctic Wolf takes great pride in this program commitment, as customer feedback continues to be a critical priority and shapes our products and services.
If year-end reviews have taught us anything, it’s that people love recaps that cram 12 months of growth and change into a five minute digestible read. Last year we worked hard to bring easy but secure password management to everyone – businesses and individuals alike.
Mega-breaches, or reported breach incidents that impact more than one million records, have increased dramatically. Our analysis shows that, on average, mega-breaches increased 36% year over year since 2016. In total, mega-breach incidents that we analyzed cost at minimum a combined $8.8 billion and exposed 51 billion records.
Welcome to the first edition in 2022 of our Cloud Threats Memo! One of the key findings of our Cloud and Threat Report – January 2022 is the leadership of Google Drive as the most exploited cloud app for the distribution of malware (and for the record, guess which service ranks at number two—spoiler alert: it is a cloud storage service from Microsoft). Unsurprisingly, this is not the only way in which threat actors can exploit these and other cloud services.
Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities. This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.
Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy landscape. For these reasons, international regulatory bodies around the world have created stringent data privacy laws for businesses to meet.
As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital copy of your production facility or your machine.
With the recent release of Sysmon (System Monitor) for Linux by Microsoft, new opportunities for monitoring, detection development, and defense are now possible. Sysmon for Windows is a very popular tool among detection developers and blue teamers as it provides extensive details from system activity and windows logs. Due to the extensive information this service/driver provides in Microsoft Windows, it is very useful when researching attacks and replicating malicious payloads on lab machines.
Passwords are dying as a sole security measure, particularly within financial services. It is widely expected (and in the UK, mandatory) that any institution responsible for finances, from banks to brokers and even crypto wallets, should be implementing multi factor authentication (MFA) to prevent fraudsters gaining access to accounts using automated attacks, even if they know the user’s password.
Following the 2021 cyberattack on Colonial Pipeline that caused a nationwide supply-chain disruption, numerous cybersecurity companies and federal agencies increased their efforts to find and shut down ransomware groups and curb the rise of cyberattacks. Those efforts have resulted in the shutdown of ransomware-as-a-Service (RaaS) groups such as DarkSide and REvil, which had been targeting critical infrastructure including healthcare providers of financial systems.
The year 2021 started off with organizations slowly reopening their doors and welcoming back their employees. This couldn’t happen overnight, of course. It meant devising new IT strategies to accommodate a hybrid workforce. Ensuring the organization’s business continuity is crucial for it’s sustenance, and this became the IT department’s primary mission.
The unexpected and rapid switch from the global workforce to the WFH setup caused by the coronavirus pandemic has prompted companies around the world to make extensive infrastructure adjustments to support employees working exclusively from home. According to the new IDC forecast, the number of mobile workers in the US will steadily increase from 78.5 million in 2020 to 93.5 million in 2024 over the next four years.
Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we’ve witnessed in the last year, more and more companies are finding the need to accelerate their digital transformation to keep pace with the expanding threat surface.
The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?
Following the devastating vulnerabilities recently found in Log4j, the Cybersecurity & Infrastructure Security Agency (CISA) in the United States has pointed to the SBOM – called for in President Biden’s cybersecurity Executive Order (EO) – as a way to make remediation of similar vulnerabilities easier in the future. In light of this, we thought it would be useful to provide an easy overview of SBOMs – what they are, and how to obtain them.
Security Service Edge (SSE) describes the evolving security stack crucial to a Secure Access Service Edge (SASE) journey, with core platform requirements that include CASB, SWG, and ZTNA capabilities. SASE is an architecture—really, a long-term journey that will change how we all think about security and networking. But SSE, as part of SASE, is a set of cloud-delivered security services you can acquire and make the most of today.
A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to behind the Darkside and BlackMatter ransomware operations – has been mailing out malicious USB sticks in the hope that workers will plug them into their computers.
It’s been a whirlwind year for Styra — from going fully remote as a company to raising $40 million in Series B Funding to more than doubling our workforce. We have a lot to be thankful for as a company, and before we say “goodbye” to 2021 and “hello'' to 2022, I wanted to take a moment to recap some of my favorite moments and initiatives of this past year.
Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.
SSH bastion hosts are an indispensable security enforcement stack for secure infrastructure access. Every security compliance standard that deals with remote infrastructure access (e.g., FedRAMP AC-17 - Remote Access, HIPAA §164.312(a)(1) - Access control, SOC2 CC6.1 - Manage Points of Access) mandates preventing direct network access to the servers and APIs.
Artificial intelligence (AI) is playing an increasingly important role in cybersecurity. This is confirmed by a recent Pulse survey of 191 senior executives from companies on four continents: two out of three organizations (68%) say they are using tools that use AI technologies and among those who are not yet using AI, 67% are considering adopting it.
Business security is often associated with larger companies where employees spend most of their time in front of computers. This stereotype can lead small business owners – especially ones outside the tech industry – to think they’ll never be targeted by hackers and don’t need to invest in security. It’s a mistake that cybercriminals are exploiting.
The volume, variety, and velocity of data being collected in clinical trials is constantly increasing. It regularly surpasses what any one person or even a team of people can process, organize and monitor. Companies can no longer throw people at the problem, which is why many have turned to automation and AI to fill the gap.
Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.
As the pandemic continues, organizations around the world are working hard to adapt to the “new normal.” This article highlights the key trends that we will face in 2022 and beyond. Ransomware attacks more than doubled in 2021 compared to 2020, with healthcare and utilities the most commonly targeted sectors. Moreover, attacks are getting more expensive, with the average ransomware payment leaping from US$312,000 in 2020 to $570,000 in 2021.
Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.
Both proxy servers and VPNs hide your IP address, allowing you to access websites anonymously, but only VPNs direct all network traffic through an encrypted tunnel. Another key difference is that VPNs address all network data while proxy servers only operate on an application level. The differences between the two solutions can be summarized as follows: Before diving into their technical differences, its important to first solidify your understanding of proxy servers and VPNs.
Compliance management is the process of ensuring all workflow, internal policies and IT initiatives align with specific industry cybersecurity regulations. This effort is ongoing since the digital attack surface is always expanding.
Businesses have always had to manage risk – everything from operational, financial, or strategic risks; to other risks that are reputational, regulatory, or cybersecurity-related. So how does enterprise risk management (ERM) work today, when so many businesses are moving so much of their operations into the cloud? How can CISOs and other senior executives take traditional ERM principles and apply them to the cloud-based technology that underpins so much of the modern enterprise?
Risk culture is the set of shared beliefs, attitudes, and understanding among a group, usually in a corporate environment, about risk and risk management practices. A company has a strong risk culture when all employees understand the business and regulatory landscape in which the organization functions, and what risks are acceptable within that landscape to achieve business objectives.
Bots are rampant across the web – in fact, around 50% of all web traffic is automated or invalid, i.e., doesn’t come from a real user with genuine interest. While some of this traffic is good and useful, for example, search engine crawlers and content aggregators, a high percentage is malicious. Hosting bad bots on your server can result in a plethora of problems for your website and business, from damage to your brand reputation to excessive financial and technical costs.
Organizations across industries are increasingly concerned about their cybersecurity posture and overall ransomware preparedness – and rightfully so – with the 64% increase in attacks from 2019 to 2020 (304 million attacks worldwide in 2020). We have also seen a 2x increase in demand for ransomware preparedness assessments and exercises.
Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle malicious spam campaigns, we’ve received a few Qakbot samples to analyze from our Trustwave DFIR and Global Threats Operations teams.
Here, security experts from across Redscan and Kroll share their top tips for boosting your cyber resilience in the year ahead.
Moving into 2022, looking back at the plentiful year of 2021, regarding security, we at the Cyberint Research Team will try and shed some light on the upcoming year: the key security risks and threats, and what we feel will change in the coming year. We will focus on the actions required to be as vigilant and protected as possible.
At times, the quest to stay on top of web application security can seem futile. It seems as though the adversaries are always a step ahead, and all we can do is try our best to contain the breaches. In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals.
Cybersecurity is more important than ever before, with the number of corporate breaches increasing dramatically since 2020. In response to recent spikes in threats, many companies are working to create a more cybersecurity-focused employee base. The most effective way to do this is through a top-down, widespread shift in company culture, which places security among the top values.
In November of 2021, we described several techniques used by attackers to deliver malware through infected Microsoft Office files. In addition to exploits like CVE-2021-40444, these infected documents frequently abuse VBA (Visual Basic for Applications) to execute their techniques, regardless of the final payload. Attackers also often use extra layers of protection to evade signature-based detections, like constructing PowerShell scripts and WMI namespaces at runtime, as done by Emotet.
Security and privacy are inherently linked, yet decisions about each are often made in silos. It can be a challenge for teams of all sizes, with varied specialities, to connect the two domains. With that in mind, we’re pleased to announce our first live panel event: How do you bridge the gap between data security and privacy?
Traditionally, we start the new year with resolutions. We want to do more good things, like working, other things we try to eliminate. Considering the latter, my 2022 resolution is to stop accidentally exposing confidential information while I hack my application during demos on stage or similar. Yes, this new years resolution sounds very specific, and it has an excellent security horror story behind it…
2022 feels a little different, doesn’t it? Every day I’m prepared to hear something new, something scary, or something exciting. These last couple of years have made it seem like we just never know what is coming next. It’s no different for financial services companies who have to be prepared for the unexpected, including disruptive technologies that can challenge their core businesses.
You can't do business without your vendors. They support critical elements of your organization, from cloud storage services to payment processing to physical items like office supplies or physical components. Your vendors make your organization run more efficiently – but sometimes at a risk to your financial, reputational and operational resiliency.
The idea of converging cyber intelligence, AML, and fraud prevention activities to eliminate the gaps between these silos of financial crime risk management has been discussed for years. However, recent developments in global real-time payments, open banking, and booming digital transactions have escalated the need for this convergence. In this era of instant payments and CNP transactions, traditional siloed approaches to financial crime prevention are loosing their effectiveness.
Jira and Confluence house high volumes of customer information, tickets, notes, wiki articles, and more. To scan Jira and Confluence Data Center or Server editions, you can use Nightfall’s APIs to scan data at-rest in these silos. In this article, we’ll walk through how you can run a full historical scan on your Jira and Confluence data to discover sensitive data, like API keys and PII. The output will be a report detailing the sensitive findings discovered in your environment.
Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren’t breaches but compilations of emails and passwords that had been gathered. Even after repeat entries were whittled down, the collection still contained billions of distinct address and password combinations.
Several years ago, a global investment bank embarked on an ambitious plan to automate its network configuration deployment process and use internal teams to run all aspects of network operations. The move was made, in part, because of the fluidity of the bank's network, which is constantly undergoing configuration changes.
Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly. Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management (SCM).
Securing your Windows servers and Windows 10 running is vital, especially given today’s sophisticated threat landscape. These are usually the first machines to be compromised in an attack through exploitation of the weakest link in the chain — the user. Through trickery and social engineering, threat actors gain access to these machines and then seek to move laterally and elevate their privileges.
In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited number of gates. As a result, organizations had control over exactly whom and what devices could access company data. This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defense mechanisms have become inadequate.
Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation.
Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released.
In recent weeks a critical vulnerability (CVE-2021-44228) has been discovered in Log4j2, a popular logging library for Java applications. Attackers can exploit this flaw by performing Remote Code Execution (RCE) on any systems where it is implemented.
IDOR is a broken access control vulnerability where invalidated user input can be used to perform unauthorized access to application functions. IDOR can result in sensitive information disclosure, information tampering etc. This issue was previously part of OWASP top 10 2007, later it was merged with OWASP top 10 A5 Broken Access control vulnerability.
During a recent client engagement for a tabletop exercise (TTX), it became apparent that the client did not have a methodology for tracking indicators and building an incident timeline. The CrowdStrike Services team wanted to provide more information to our client on how incidents can and should be tracked, but nothing was available in the public domain.
In my first blog in this series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response. We developed the DataLinq Engine with the specific goal of optimizing the process of making sense out of data in order to reduce the unnecessary volume and resulting burden.
As the frequency of new products released rises and as the attack surface keeps growing, most companies are faced with a common problem – a growing vulnerability workload. Their vulnerability scanners report countless vulnerabilities and there is simply not enough resources or time to fix all of these vulnerabilities, leaving their networks vulnerable and exploitable.
Many market-leading companies who have dominated their respective sectors with hardware or on-prem/installable software solutions are turning to SaaS offerings to fuel the next phase of their growth. Why? Simple. Market valuations are much higher for SaaS companies than they are for traditional software and hardware companies. The median multiple on earnings for a SaaS company is 12.7x as of Q3 2021 according to venture capitalist Jamin Ball who tracks the Public Cloud Software (e.g.
Every functioning security team has an incident response plan. Advance strategizing and preparation are absolutely imperative to ensure a quick response to data breaches, ransomware, and numerous other challenges, but most companies first developed that plan years, if not decades, ago and now only revisit it periodically. This is a problem. How many organizations have developed a separate incident response plan to address the unique risks of the software-as-a-service (SaaS) era? Far too few.
Naming themselves Night Sky, a new ransomware family was spotted on the first day of 2022, by the MalwareHunterTeam. They appear to work in the RaaS (Ransomware-as-a-Service) model, similar to other ransomware groups like REvil, LockBit, and Hive, publishing stolen data exfiltrated throughout the attack in a deep web site if the ransom is not paid by the victim. Currently, there are two companies listed on their deep web site, where the group has published the victim’s allegedly stolen data.
It’s always frustrating when your laptop starts to slow down. The more you click, the more it seems to stutter and have a good think about everything you ask it to do. Joining video calls and even opening documents becomes a chore. Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking.
In part two of our 2022 cybersecurity predictions series, Devo Security Engineering Director Sebastien Tricaud explained Web3 and new security testing trends. While cybersecurity tools and approaches are certainly evolving quickly, so are cybercriminals. Here are my insights on cyberthreats and attacks we should expect to see more of this year.
On December 9th, 2021, Apache disclosed CVE-2021-44228 (colloquially referred to as Log4Shell), a remote code execution vulnerability in the Apache Log4j library, a Java-based logging tool widely used in applications around the world. A highest possible severity score of 10 has been assigned to this exploit.
What can data security and privacy leaders expect from the year ahead? How will key trends shape the industry? Our team looks at three key trends that will impact security and privacy in 2022, and what leaders can do to get ahead of the curve.
With our recent 7.16 Elastic Security product release, we improved our existing Linux malware feature by adding memory protection. In this blog, brought to you by Elastic’s Engineering Security Team, we lean into this recent advancement to show how we are protecting the world’s data from attack.
Data leaks are a type of data loss threat that often fly under the radar — making them potentially more damaging than a malware or ransomware attack. Compared to data breaches, data leaks put customer information at risk accidentally. Data leaks can lead to credit card fraud, extortion, stolen IP, and further attacks by cybercriminals who seek to take advantage of security misconfigurations.
Security operations centers (SOCs) exist to deliver sustained monitoring and response capabilities. Staff members are a core pillar of this mission. Each SOC should have clearly articulated roles and levels for its personnel. This helps to establish fair practices for hiring, training, promotion, compensation and performance expectations.
The oil and gas industry’s global supply chain uses a vast array of information technology (IT) and operational technology (OT) systems. These systems require constant cybersecurity protection to ensure energy flows efficiently and productively around the world to meet global needs. Hackers know that IT and OT systems are often interdependent and closely linked. In fact, the recent Colonial Pipeline attack resulted from the successful breach of Colonial’s IT network.
The TellYouThePass ransomware family was recently reported as a post-exploitation malicious payload used in conjunction with a remote code execution vulnerability in Apache Log4j library, dubbed Log4Shell. TellYouThePass was first reported in early 2019 as a financially motivated ransomware designed to encrypt files and demand payment for restoring them. Targeting both Windows and Linux systems, TellYouThePass ransomware re-emerged in mid-December 2021 along with other ransomware like Khonsari.
First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.
For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed Co-chair of Cybersecurity, Data Protection & Privacy at Clark Hill, Jeffrey R. Wells to share his views on the state of cybersecurity today.
I was logging into one of my favorite online shopping sites the other day, and, as with all my other sites, I was presented with the multi-factor authentication prompt to complete the login process. Anyone who knows me, knows that I have been a long-time supporter of multi-factor, or 2-step verification of any kind.
Several layers of protection guard the data you store in 1Password, but is it enough to defend against cyberattacks like credential stuffing?
Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software. Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security.
URLs have forever changed the way we interact with computers. Conceptualized in 1992 and defined in 1994, the Uniform Resource Locator (URL) continues to be a critical component of the internet, allowing people to navigate the web via descriptive, human-understandable addresses. But with the need for human readability came the need for breaking them into machine-usable components; this is handled with URL parsers.
Software composition analysis (SCA) tools provide automated visibility throughout the software development life cycle (SDLC) for more efficient risk management, security, and license compliance. As organizations accelerate their digital initiatives, they rely on development teams both internally and externally to build the applications that will help them move forward. But applications are also a popular target for criminals.
In this second of a five-part series of posts on why strong vulnerability management is so vital for cybersecurity programs, we look at the need for effective vulnerability management in the healthcare sector. Like financial services, healthcare is a highly-regulated industry and it’s also among the most common targets of cybercriminals.
By 2025, there will be more than 100 zettabytes of data stored in the cloud – that’s a lot of data! With more applications needing to process a significant amount of data in real-time, there is a shift in demand for distributed cloud and edge computing. Fortunately, the distributed cloud brings many impressive benefits to organizations – generating immense cost savings, greater scalability, and reaching resource-intensive business demands.
Everyone’s development is different, it stands to reason everyone’s perfect security toolkit will also be different. But finding the right tools to suit your project, and making the most out of those tools shouldn’t have to be a headache. In the field of application security, there are literally thousands of security tools to choose from that may help the development, security and longevity of your projects.
As a thorn in the side of marketing teams of all sizes, awareness of ad fraud has grown in recent years due to the sheer amount of money it can cost advertisers. In one famous case, Uber discovered fraudulent app installs attributed to its ads had cost the company $100 million. But it’s not just overtly malicious activity like ad fraud that marketing budget-setters need to be concerned about. Marketers must be aware of the potential damage bots of all kinds can do, intentionally or otherwise.
Nowadays, malware used to have several stages before it fully compromised the targeted host or machine. The very well-known initial stager is the “phishing email” that contains a malicious macro code or malicious URL link that will download either the actual loader or the next stager to download the actual payload.
As a major financial hub in Asia and globally, Singapore is very aware of the challenges facing the financial industry, especially the accelerated digital transformation that stemmed from the COVID-19 pandemic. In response to the sector’s increased exposure to cloud technology, the Monetary Authority of Singapore (MAS) has released a guideline to address cybersecurity risks associated with the adoption of public clouds.
Traditionally, most organizations have had siloed departments wherein teams’ activities are highly separated and the objectives within organizational structures are divided. This operational methodology has brought about friction – especially within the IT department, where developers and ITOps lack collaboration.
The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.
Aaron McCray, Ignyte’s Chief Operating Officer, is giving a brief overview of the changes to CMMC 2.0, and more specifically its Practice levels vs Maturity levels in the video below. Aaron is a commercial risk management leader by trade and a Commander in the U.S. Navy Reserves.
Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard. One has the force of law, and the other is a guiding framework, respectively. Both of these documents apply to an increasing number of businesses.
One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry has been, where it is going, and some of the progress being made to secure critical infrastructure.
Phishing emails are a serious problem for both businesses and consumers. Phishers use phishing emails to steal users’ personal information, like usernames, passwords, credit card numbers, social security numbers and other sensitive data.
On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published email@example.com and firstname.lastname@example.org in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.
Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. What a start to 2022…. I happened to be on Twitter New Year’s Day and spotted a flurry of tweets about MS Exchange. Digging deeper it looks like a lot were firefighting a serious bug.
Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it’s encouraging to see the agency take this rare step, beginning to form a firm stance on software supply chain security. Although this increased scrutiny from the FTC may at first seem daunting, violations can be remediated with the right practices.
For the newest instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed Kathleen Moriarty, Chief Technology Officer at the Center for Internet Security. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honour of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018.
As organizations look to take their 2022 security concerns head-on, they need to create resilient cybersecurity programs that help them make smarter, faster, informed decisions. In our recent webinar, I had the pleasure of chatting with security professionals Mike Wilkes from SecurityScorecard, Scott Fuller from Access Health, and John Beal from St. Charles Health. They discuss the challenges they face and how their security plans for 2022 to mitigate risk across their entire ecosystem.
Creativity can be fickle. One day, your brain is full of bright ideas you’re keen to jot down, develop, and share with others. The next day, you have nothing. Zilch. Not even a flicker of an idea. You suddenly feel like a world-class restaurant that’s run out of ingredients.
Security researchers say they have seen a “massive wave” of malicious hackers exploiting the comment feature in Google Docs to spread malicious content into the inboxes of unsuspecting targeted users. According to a blog post published by Avanan, the comments functionality of Google Docs, as well as its fellow Google Workplace web-based applications Google Sheets and Google Slides, is being exploited to send out malicious links.
It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a complex endeavor.
One way to enhance SSH login security is by using two-factor authentication (2FA). This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. This tutorial guides you through setting up Google Authenticator PAM to enable 2FA for users connecting to SSH on a Linux server. We’ll use nano as our editor in examples.
Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one. Unfortunately, that’s not how cybercriminals operate.
As one large, global financial institution prepared for employees to return to the office, its IT team identified a significant issue with the company's more than 8,000 access switches. The switches in question were used to provide connectivity to IP Phones – a crucial part of people's work across virtually all areas of the company.
DevOps and Security. One encourages speed, agility, iterative learning, enabling technology to keep up with the pace of business. The other wants to keep you safe, slows things down, crosses all the T's and dots all the I's. They seem to be at odds with one another — but do they need to be? DevSecOps says no, that’s not the way it has to be.
With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools.
This blog was written by an independent guest blogger. Online transactions are essential for every modern business. From online shopping to banking, transferring funds, and sending invoices, online transactions ensure utter convenience and efficiency. However, the familiarity of making financial transactions online can make people forget about security and all the dangers that they may be facing. On top of that, new cybersecurity threats keep popping up constantly.
SSH client configuration files allow us to connect to servers with pre-configured commands. This saves typing each SSH command parameter when logging into a remote machine and executing commands on a remote device. This article will examine secure shell (SSH) client configuration (config) files and their functions. Specifically, we will show an example of an SSH client config file to learn how to use these files before creating an example config file that connects to a fictitious server.
For many organizations, cybersecurity is an overwhelming challenge. New threats emerge seemingly in the blink of an eye, and IT and security teams are constantly reacting to the moves of bad actors who always remain one or two steps ahead and get to dictate where and when their attacks are carried out. As you might expect, a reactionary approach to cybersecurity is not ideal. It’s typically borne of necessity due to undermanned teams or inadequate resources.
In recent blogs, we’ve explored the role of Security Service Edge (SSE) technologies as part of a SASE architecture, and the key differences between SSE and SASE. But so far, we’ve focused more on overall functionality than on its realization and what SSE means from a cloud design and implementation perspective. In this post, we shift gears to put a spotlight on networking and infrastructure as it relates to security clouds.
Most organizations use at least some (and perhaps many) external vendors in their daily operations, sometimes even to provide mission-critical services or supplies; we’ve discussed them before as third-party vendors and the risks they bring. Indeed, most businesses today already consider third-party risk management in their overall cybersecurity protocols.
Amazon Web Services (AWS) is a cloud platform designed to meet the growing demand for cloud computing worldwide. AWS provides a set of cloud services such as storage, analytics, blockchain, business applications, security, and machine learning. Within this cloud environment is Amazon Simple Storage Services (S3), a cloud storage solution bringing scalability, data availability, security, and performance to companies of any size through so-called “buckets” or data containers.
The need for strong cybersecurity has reached critical mass. Seventy-six percent of security leaders have reported an increase in cyber-attacks over the past year -- accelerated by the COVID-19 pandemic and a rapid shift from an in-office to a remote workforce and on-premises to cloud infrastructure.
The CloudCasa elves has been busy in their workshop for the past few months, and in December we delivered a stocking full of brand-new Kubernetes data protection goodies just in time for the holidays!
Whether organizations call it digital transformation or just using technology to create opportunities for new, easier ways to work, one thing is certain. Businesses increasingly need to find simpler ways to securely build and manage new kinds of connections that support an era of: This is exactly the drive behind the latest collaboration between the cybersecurity and networking experts at AT&T and Cisco.
No-one wants to feel burned out at work. Battling physical or emotional exhaustion can quickly impact your health, happiness, and any sense of professional fulfillment. That in turn can affect your productivity and the likelihood that you’ll make an honest mistake that puts your company’s data at risk.
In October 2021, the IT systems of the Israeli healthcare system suffered a ransomware attack from which it took weeks to recover. Although the motive for the cyberattack on this occasion was not geopolitical but financial, government sources said they feared that far more dangerous incidents against this sector could be carried out by groups linked to foreign powers such as Iran.
Microsoft Azure is a great choice for enterprises looking to quickly build and deploy apps to the cloud. However, cloud teams must simultaneously consider how to implement DevSecOps practices to reduce, manage and avoid risks. Sysdig is collaborating with Microsoft to simplify cloud and container security and deliver robust SaaS-based solutions for the Azure ecosystem.
Last month, on December 8, we hosted a webinar alongside Bluecore CISO Brent Lassi to discuss data security risks facing high-growth organizations like his on SaaS systems like Slack. With 2022 just beginning, we wanted to share 5 important lessons about Slack and SaaS security that are worth keeping in mind this year.
As 2022 begins, it’s a great time to set resolutions for the coming year. Don’t worry, we don’t expect you to become a CrossFit guru or break world records on your Peloton. Instead, how about you set goals to improve your abilities as a secure developer? All too often, we choose resolutions that set ourselves up for failure. A better approach is to set realistic goals.
Without trust there is nothing. So, while the IoT is changing many parts of the digital transformation landscape, real trust is often the missing component for businesses to fully embrace the technology. How can we be sure that the temperature gauge was working and calibrated? Was it really in the location it said it was and was the limit the actual limit?
Strictly following security best practices is the first step to cybersecurity. Although SSH is the industry standard for both security and efficacy for remote server access, as with any software, SSH is only as secure as configurations applied to the server and client configurations. In this article, we’ll explore five SSH best practices you should observe to boost the security of your infrastructure.
The 2022 new year is here! That means it’s time to bid farewell to the winter of 2021. At the same time, looking at security trends can give us insight into the future. Last year was a record-breaking year for data breaches. According to the Identity Theft Resource Center (ITRC), the number of publicly reported 2021 breaches in the first three quarters of this year exceeded the total number of incidents in the entirety of 2020.
If you find yourself baffled by the influx of events and newly discovered vulnerabilities affecting the popular Apache Log4j Java logging library, this post is for you. This post aims to survey the entire flow of events since the first discovery of CVE-2021-44228, AKA Log4Shell, to the present date, explain the important aspects of each related vulnerability, as well as provide practical remediation and mitigation advice.
Mobile application security testing (MAST) covers a wide range of topics, including authentication, authorization, data security, session management, and vulnerabilities for hacking. The mobile AST market is made up of buyers and sellers of products that identify vulnerabilities and apps used with mobile platforms during or post-development.
This won’t come as a surprise to anyone who’s spoken to me for more than five minutes, but I am a Doctor Who fan. In fact, “fan” is being kind. I’m hopelessly obsessed with the show to the point that more than one ‘Who’ actor has a restraining order out on me.
On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace,” as quoted by Global News.
If you attended SnykCon 2021, you may remember our inaugural CTF: Fetch the Flag. In this CTF, TopLang was a web challenge of medium difficulty that we received a lot of positive feedback about. So for those of you that loved it, this write-up explains how our team internally approached tackling and solving this challenge. This challenge was a pretty typical example of what is known as an “oracle attack” using blind SQL injection.
I spent part of the summer helping my mother recover from a major surgery. During our time together, she asked: “What is it your company does again?” So I explained: “We help manage digital identities. For example, if your healthcare system used ForgeRock, you could login to the website and see your records and medications from your surgeon, your GI specialist, your general practitioner, your physical therapist and more.
This blog was written by an independent guest blogger. Technology in healthcare has the potential to make all the difference in terms of safety outcomes. Right now, modern tech is pushing the envelope of what is possible in the doctor’s office and the patient’s home, as telehealth and artificial intelligence transform the landscape of medical care. But technology isn’t always safe.
Audit logging for SSH is essential for system security, and it’s often an important part of compliance regulations. Developers and administrators should only be granted access to the resources they need, and a continuous monitoring system should be in place to ensure that they aren’t abusing that access.
Today, I am excited and proud to announce that Siemplify has been acquired by Google. This marks an important milestone in the Siemplify journey. When co-founders Alon Cohen and Garry Fatakhov and I started Siemplify in 2015, we all knew, from our experience building and training security operations centers from around the world, that security operations was a function in dire need of innovation.
Evidence continues to mount that it isn’t a matter of if, but when and how an organization will be attacked. So, we are seeing Security Operations Centers (SOCs) narrow the focus of their mission to become detection and response organizations. As they look to address additional use cases, including threat detection and monitoring, investigation, incident response and hunting, data becomes incredibly more important.
President Biden’s Executive Order 14028 to improve the nation’s cybersecurity and protect federal government networks, was released more than half a year ago. At the time, one of the most exciting aspects about it was the multiple uses of the term “zero trust,” as Netskope discussed in a blog at the time. However, it’s clear that federal agencies are still working out the specifics of how to actually approach implementing zero trust.
Development teams are frequently under the gun to deliver software quickly, which is difficult to do without modern tools to build, test, and deploy applications efficiently. That’s why Atlassian’s Bitbucket Cloud — a Git-based source code repository service in the cloud that streamlines software development for collaborative teams — was built for both speed and effi