
February 2020

IT security: Keep calm and monitor PowerShell

In our last release of the PowerShell security series, we talked about how PowerShell can be leveraged by malicious actors to gain unprecedented access to your organization’s critical assets. From enumerating sensitive domain information and carrying out credential-based attacks to running malicious executables in memory (file-less malware), we shone a light on the potential of PowerShell and why it is an ideal weapon for cyber attackers today.

What is really an API?

API has become one of those catch-all terms that developers throw around without really considering the context. On any given week, you will come across discussions like "How to use the Twitter API", "New framework X is great because it has a low API surface", and "Best practices for building an API." Is an API a data source? Is it a service? Is it a way to call native functionality? The truth is, in modern software development it can mean any of these things.

How to fix Error 429: Too Many Requests

Your application is running smoothly. Tests have passed. Suddenly you start to see 429 error responses from an API. As the name implies, you have made too many requests and your application has been rate limited. 429 (Too Many Requests) is the HTTP status code a server returns when you have hit one of its request limits.
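The practical fix for a 429 is to stop and wait before retrying, honouring the server's Retry-After header when it sends one and falling back to capped, jittered exponential backoff when it does not. The following is an added example written for this listing, not code from the article it summarizes. The default limits (five attempts, 500 ms base delay, 30 s cap) and the treatment of 503 as a second "back off" status are assumptions; header keys are assumed to be lowercase, as Node's http module delivers them.

```javascript
// Added example (not from the original article): deciding whether, and for how
// long, to wait before retrying a request that came back 429 Too Many Requests.

const DEFAULTS = {
  maxAttempts: 5,             // give up after this many tries (assumed value)
  baseDelayMs: 500,           // first backoff step when no Retry-After is sent
  maxDelayMs: 30000,          // cap so a hostile or buggy server cannot stall us for hours
  jitter: () => Math.random() // injectable so tests are deterministic
};

// Retry-After (RFC 7231) is either delta-seconds or an HTTP-date.
// Returns milliseconds to wait, or null if the header is absent or unparseable.
function parseRetryAfterMs(value, nowMs = Date.now()) {
  if (value === undefined || value === null) return null;
  const s = String(value).trim();
  if (/^\d+$/.test(s)) return Number(s) * 1000;
  const when = Date.parse(s);
  if (Number.isNaN(when)) return null;
  return Math.max(0, when - nowMs);
}

// Pure decision function: given the status, the (lowercase-keyed) headers and the
// 1-based attempt number, return the delay before the next try, or null to stop.
function retryDelayMs(status, headers, attempt, opts = {}) {
  const o = { ...DEFAULTS, ...opts };
  if (status !== 429 && status !== 503) return null; // only transient "back off" statuses
  if (attempt >= o.maxAttempts) return null;         // retry budget exhausted
  const fromHeader = parseRetryAfterMs(headers['retry-after'], o.nowMs);
  if (fromHeader !== null) return Math.min(fromHeader, o.maxDelayMs);
  // Exponential backoff with full jitter: uniform in [0, base * 2^(attempt-1)], capped.
  const ceiling = Math.min(o.baseDelayMs * 2 ** (attempt - 1), o.maxDelayMs);
  return Math.floor(o.jitter() * ceiling);
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Wrap any request function that resolves to { status, headers, body }.
async function requestWithRetry(request, opts = {}) {
  const o = { ...DEFAULTS, ...opts, sleep: opts.sleep || sleep };
  let attempt = 0;
  for (;;) {
    attempt += 1;
    const res = await request();
    const delay = retryDelayMs(res.status, res.headers || {}, attempt, o);
    if (delay === null) return res; // success, non-retryable error, or out of attempts
    await o.sleep(delay);
  }
}

// Demo against a constructed fake server: two 429s (the first with Retry-After), then 200.
const scripted = [
  { status: 429, headers: { 'retry-after': '1' } },
  { status: 429, headers: {} },
  { status: 200, headers: {}, body: 'ok' }
];
requestWithRetry(() => Promise.resolve(scripted.shift()), { sleep: async () => {} })
  .then((res) => console.log('final status after retries:', res.status));
```

Keep the decision logic separate from the I/O, as above, so the backoff policy can be unit-tested without timers; and always cap the wait, because a server-supplied Retry-After of an hour is a denial-of-service against your own client.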

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This generates a lot of data, and what is done with it is dictated by threat and patch priority. Thousands of new vulnerabilities are disclosed each year, and no company or product can detect all of them. Organizations must prioritize coverage of the vulnerabilities they determine will have the biggest impact.

How to Get Started in Digital Forensics

If you want to become a digital forensic expert, be aware that on entering the field you will be presented with an abundance of information you do not yet know. It is a wonderfully challenging career path. Some believe that holding the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commander) is intimidating precisely because the field of knowledge is so expansive.

Elastic on Elastic: Securing our endpoints with Elastic Security

This blog post is one in an occasional series about how we at Elastic embrace our own technology. The Elastic InfoSec team is responsible for securing Elastic and responding to threats. We use our products everywhere we can — and for more than just logs. By harnessing the power and breadth of capabilities of the Elastic Stack, we are working on tracking risk and performance metrics, threat intelligence, our control framework, and control conformance information within Elastic.

The Top Node.js HTTP Libraries in 2020

Out of the box, Node.js offers the http module for making requests, but it isn't particularly user friendly and requires some customization before it can be used comfortably. As a result, a large ecosystem of third-party libraries has emerged to make AJAX and HTTP requests easier. Some offer cross-platform (browser and Node.js) support, while others focus on bundle size or developer experience. With so many options, how do you choose?

Signature and Socket Based Malware Detection with osquery and YARA

Historically, common detection methods have used file hashes (MD5, SHA1 and SHA256), unique signatures derived from the entire contents of a file, to identify malware. Modern threat actors have grown sophisticated enough that every instance of a given malware will have a different hash, varying from machine to machine, so a hash collected on one host tells you nothing about the same malware on the next.

INETCO Insight Technical Overview - Real-time Data Acquisition, Transaction-level Monitoring and Adaptive Machine Learning Capabilities

This whitepaper discusses the INETCO Insight transaction data platform. It reveals how the software's unique data streaming, decoding, semantic correlation and statistical analysis engines can be rapidly configured to monitor any application type - custom, packaged, or industry-specific. INETCO Insight produces a single rich transaction record for every transaction, containing business, application, infrastructure, and network performance information that can be sliced and diced instantly to serve the diverse needs of different members of the IT and business teams.

INETCO Insight - Machine Learning and Risk Scoring for Real-time Payment Fraud Detection and Prevention

With The Nilson Report projecting $34.66 billion in global fraud losses by 2022, it is clear that crime syndicates are investing heavily in finding new and more advanced ways of countering the controls organizations are constantly implementing. Financial institutions, retailers, card service providers and acquiring processors are struggling to detect suspicious payment transaction behavior and prevent payment fraud attacks before experiencing major financial loss and customer dissatisfaction.

Key security functions of unified endpoint management

As part of digital transformation, the adoption of a wide range of devices for work is on the rise. A unified endpoint management (UEM) solution is capable of enforcing management policies and configurations, as well as securing endpoints. In a previous blog, we reviewed the capabilities of a good UEM solution. In this instalment, we look at UEM security features.

MOSE: Using Configuration Management for Offensive and Defensive Security

Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component of this is trying to get as far as you can without alerting the defenders to what you’re doing.

Sizing up the CCPA: How the USA's new privacy regulation measures up against the GDPR

The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and companies across the globe are scrambling to get their act together to avoid non-compliance penalties. Although enforcement of the CCPA doesn’t officially begin until July 2020, the California Attorney General’s office will still be able to penalize violations that occurred between implementation on January 1 and official enforcement in July.

The HTTP Status Codes You Need to Know

Working on the web means coming into contact with HTTP responses. Whether you spend your time primarily on the client or on the server, you're likely familiar with the popular ones like 200, 404, and 500. While memorizing all the codes using cat memes as a mnemonic can be helpful, let's dive deeper into what some of the most common codes mean.

Cyber Resilience - Everything You (Really) Need to Know

What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.”

Protecting Organizations from Customized Phishing Attacks

A few years ago, I myself was vished, or ‘phished,’ over the phone. The caller was someone, likely offshore in a call center, who had done a little bit of research online to find my name, my phone number, my wireless phone carrier and a few other details that they used to build rapport with me on the phone. Spoofing the customer service phone number of my wireless service provider, they called me and claimed that a credit was being added to my bill.

What's Trending in 2020: Barclaycard Payment Solutions and INETCO share with Cards International

In an early January post by Mohamed Dabo of Cards International, the CEO of INETCO and the Director of Barclaycard Payment Solutions shared their views on key payment fraud and security issues that will dominate the payments landscape in 2020. Both alluded to the delicate balance between delivering an amazing customer experience, meeting compliance such as the Strong Customer Authentication (SCA) legislation, and trying to keep one step ahead of the fraudsters.

Building a Circuit Breaker in Node.js (Part 2)

Welcome to Part 2 in our series on building your own circuit breaker in Node.js. In Part 1, Building a Circuit Breaker in Node.js, we built a starter version that handles the core states of a circuit breaker. In this article, we will add configurability, manual overrides, and fallback request support. You can find the complete code for each example here.
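As an added example (not the series' own code, which is linked from the article), here is a compact breaker that has the three features this part is about: thresholds and timeout passed in as options, manual overrides that pin the breaker open or closed, and a fallback invoked instead of failing fast. The clock is injectable so the state machine can be exercised without real waiting. The default values and the `forceOpen`/`forceClosed`/`release` method names are assumptions for this example.

```javascript
// Added example (not the series' code): a configurable circuit breaker with
// manual overrides and fallback support. State machine: CLOSED -> OPEN after
// `failureThreshold` consecutive failures; OPEN -> HALF_OPEN after
// `resetTimeoutMs`; HALF_OPEN -> CLOSED after `successThreshold` successes,
// or straight back to OPEN on the first failure.
const State = Object.freeze({ CLOSED: 'CLOSED', OPEN: 'OPEN', HALF_OPEN: 'HALF_OPEN' });

class CircuitBreaker {
  constructor(options = {}) {
    this.failureThreshold = options.failureThreshold ?? 3;  // assumed default
    this.successThreshold = options.successThreshold ?? 2;  // assumed default
    this.resetTimeoutMs = options.resetTimeoutMs ?? 10000;  // assumed default
    this.now = options.now ?? (() => Date.now());           // injectable clock
    this.fallback = options.fallback ?? null;               // (err, ...args) => value
    this.reset();
  }

  reset() {
    this.state = State.CLOSED;
    this.failures = 0;
    this.successes = 0;
    this.openedAt = null;
    this.forced = null; // manual override, if any
  }

  // Manual overrides: pin the breaker open (e.g. during an incident) or closed.
  forceOpen() { this.forced = State.OPEN; this.state = State.OPEN; this.openedAt = this.now(); }
  forceClosed() { this.forced = State.CLOSED; this.state = State.CLOSED; this.failures = 0; }
  release() { this.forced = null; } // back to automatic operation

  // Resolve the effective state, moving OPEN -> HALF_OPEN once the timeout has elapsed.
  currentState() {
    if (this.forced) return this.forced;
    if (this.state === State.OPEN && this.now() - this.openedAt >= this.resetTimeoutMs) {
      this.state = State.HALF_OPEN;
      this.successes = 0;
    }
    return this.state;
  }

  canRequest() { return this.currentState() !== State.OPEN; }

  trip() { this.state = State.OPEN; this.openedAt = this.now(); this.successes = 0; }

  recordSuccess() {
    if (this.forced) return; // overrides ignore outcomes
    if (this.currentState() === State.HALF_OPEN) {
      this.successes += 1;
      if (this.successes >= this.successThreshold) { this.state = State.CLOSED; this.failures = 0; }
    } else {
      this.failures = 0; // any success in CLOSED resets the consecutive-failure count
    }
  }

  recordFailure() {
    if (this.forced) return;
    if (this.currentState() === State.HALF_OPEN) { this.trip(); return; } // probe failed
    this.failures += 1;
    if (this.failures >= this.failureThreshold) this.trip();
  }

  // Run an async action through the breaker; when OPEN, short-circuit to the fallback.
  async fire(action, ...args) {
    if (!this.canRequest()) {
      const err = new Error('circuit open');
      if (this.fallback) return this.fallback(err, ...args);
      throw err;
    }
    try {
      const result = await action(...args);
      this.recordSuccess();
      return result;
    } catch (err) {
      this.recordFailure();
      if (this.fallback) return this.fallback(err, ...args);
      throw err;
    }
  }
}

// Demo: a constructed flaky dependency behind a breaker with a cached fallback.
const breaker = new CircuitBreaker({
  failureThreshold: 2, resetTimeoutMs: 5000,
  fallback: () => ({ fromCache: true })
});
const flaky = async () => { throw new Error('upstream timeout'); };
breaker.fire(flaky).then((r) => console.log('call 1 ->', r, breaker.currentState()))
  .then(() => breaker.fire(flaky)).then((r) => console.log('call 2 ->', r, breaker.currentState()))
  .then(() => breaker.fire(flaky)).then((r) => console.log('call 3 ->', r, breaker.currentState()));
```

One refinement worth adding in production: in HALF_OPEN, allow only a single in-flight probe at a time, otherwise a burst of concurrent calls can all hit the recovering dependency at once.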

What Is Log Management, and Why Is It Important?

I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization. That being said, there’s still some confusion surrounding why an enterprise would want to collect log data in the first place. There are two primary drivers for an enterprise to collect log data. These are security and compliance.

IT security: Disrupting the cybersecurity kill chain by detecting domain reconnaissance

Cyberattacks are a growing threat, and organizations are investing time and money in security strategies to make certain that their infrastructures are secure. Active Directory (AD) is a constant target for compromise, as it’s at the core of any organization’s security — it handles authentication and authorization for all users in an organization.

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percentage points higher than the previous year.

Banking on ATM Big Data: How to use real-time transaction data to make your operations lean and customers keen

While the ATM channel remains a strategic part of a healthy omni-channel banking ecosystem, it is continuously under critical analysis within many financial institutions. The big challenge lies in maintaining ATM fleets as a profitable delivery channel.

Why a Multi-Layered Technology Approach is the Best Choice for Preventing ATM Cash-outs and Cybersecurity Attacks

Despite several recent high-profile attacks, ATM cash-out schemes that involve multiple attack vectors over a very large attack surface continue to happen. While traditional fraud system management tools will provide one layer of defense against cash-out attacks, common single point monitoring solutions still run a risk of being compromised.