Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

What Is RBAC? Examples, Benefits and Implementation

Access control is a key component of security programs, since it regulates who or what can access data and resources within an organization’s systems. Granting access only to authorized users prevents data breaches and malicious attacks and is a good way to practice the security principle of least privilege. This article focuses on RBAC, a type of access control, and its benefits and implementation.

How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.

Phishing May Have Preceded Data Breach Exposing Personal Information of Over 2.5 Million People

In late August, a technology provider that offers student loan account management and payment services submitted a breach notice indicating that a compromise detected on July 22 exposed 2.5 million individuals’ data, including their names, contact information, and social security numbers. At present, neither the breach notice nor subsequent reporting have provided detailed insights into the nature of the breach, noting only that it likely began in June and continued until July 22.

Choosing Secure Container Images: Secure Cloud-native Development Series

When it comes to building secure cloud-native applications, the baseline is choosing a secure container image. Docker defines a container as “a standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another.” The problem is, they’re often a pain point for many developers.

Holistic Cybersecurity for Government IT/IoT/OT Converged Networks

Government agencies rely on IoT and OT devices to carry out their missions and manage everything from security cameras and personal identity verification (PIV) card readers that monitor and control access to facilities and data, to environmental controls that improve comfort, safety and efficiency. Data centers couldn’t operate around the clock without tightly controlled air conditioning, electricity and other physical infrastructure, much of which relies on IoT.

4 tips to achieve Data Compliance

Data compliance is a crucial and essential factor in organizations that should be carefully followed for data management. Data compliance is more than maintaining relevant standards and regulations and ensuring that the data is secured. The substantial amount of data that is processed and used in organizations must be managed properly. All phases of data access, usage, modification, and storage should be governed by correct policies, protocols, and standards.

The State of Security: Poland

Poland is getting ready for the upcoming Presidential elections in August 2023 amidst a turbulent geopolitical and economic environment. The war in Ukraine has placed the country in the epicenter of the events, becoming home to more than 3.5 million refugees. The unprecedented energy crisis with prices soaring every day threaten to destabilize local economy. Besides those two important factors, cyber threats are also shaping the future of Poland.

Ingesting CrowdStrike Falcon Platform Data into Falcon Long Term Repository

Threat hunters and security teams need more data about the IT environment to add context to their investigations. To add that additional information to your Falcon environment, Falcon Data Replicator (FDR) gives you a way to pull raw event data from the CrowdStrike Falcon® platform. Now, customers can ingest, transform and analyze the data as part of their standard process.

End-to-End API Security

Doing security properly for application programming interfaces (APIs) is a process that goes well beyond security. It’s also about IT operational and architectural issues that drive security outcomes. To be successful, API security must be viewed as an end-to-end process covering the full software lifecycle. It starts with development but continues through runtime and end-of-life.