Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Digital transformation has changed the way people make purchases. The growth of ecommerce has led to credit cards becoming one of the most widely used payment methods, but mismanagement could jeopardize the integrity and security of company and customer data.

The attack surface is where you can understand what you have exposed and whether you should take action on it. Previously, users couldn’t see which assets were vulnerable from the Attack Surface view – it was only possible to view vulnerable assets from the Vulnerabilities page, which required more time. Viewing vulnerabilities on the Attack Surface page will help you better prioritize which assets you need to take action on.

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting the MOVEit Transfer web application. These vulnerabilities were responsibly disclosed to Progress Software by researchers at HackerOne and Trend Micro’s Zero Day Initiative.

Deception technology is a cybersecurity strategy that utilizes decoys to gather information about current threats and attack methodologies used by cybercriminals. The premise of this approach is to offer some sort of bait in your network, such as a fake database that looks like a legitimate one, that attackers will find too enticing to pass up.

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article explains what these tactics are, why they are so dangerous and how you can now detect them using Sysmon.

8Base ransomware activity spikes, China-linked Volt Typhoon APT uses novel tradecraft to gain initial access to target networks, and North Korean hacker group Andariel strikes with new EarlyRat malware.

Whether you are new to the world of IT or an experienced developer, you may have heard of the debugging concept of the 'programmer's rubber duck’. For the uninitiated, the basic concept is that by speaking to an inanimate object (e.g., a rubber duck) and explaining one’s code or the problem you are facing as if you were teaching it, you can solve whatever roadblock you’ve hit.

In this blog post, I will be talking about audit and compliance and how to implement it with Calico. Most IT organizations are asked to meet some standard of compliance, whether internal or industry-specific. However organizations are not always provided with the guidance to implement it. Furthermore, when guidance has been provided, it is usually applicable to a more traditional and static environment and doesn’t address the dynamic nature of Kubernetes.

In recent years, ChromeOS device usage among businesses has seen a significant uptick, particularly in its adoption across verticals, from schools to large enterprises. According to recent IDC research, 16% of North American organizations have ChromeOS devices1 and the percentage is only expected to increase. The success of ChromeOS devices like Chromebooks can be attributed to built-in security, simple management and premium performance.

Scanning containers’ images is not enough, pinpointing the CVEs that impact your security posture is key. Public images are a key component of the cloud-native ecosystem. Also known as container images, they are pre-built and publicly available software packages that contain all the necessary dependencies and configurations for an application to run in a containerized environment.