Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let's be honest – nobody likes security questionnaires. To vendors, they're irritating workflow interruptions, always seeming to arrive at the most inconvenient times. To businesses, they mark the first stage of a long, drawn-out process where vendors need to be continuously pestered to complete them. In this post, we outline three proven strategies for streamlining the security questionnaire process to eliminate stress for both the businesses that send them and the vendors receiving them.

Vendor security questionnaires accurately evaluate a third-party supplier’s attack surface, but only if they’re utilized intelligently. The quality, and therefore, accuracy, of questionnaires rapidly deteriorates when they become excessively lengthy, one-size-fits-all templates bloated with jargon. In this post, we suggest x actions for improving the accuracy of your security questionnaires and the overall efficiency of your security questionnaire process.

Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for social media users with many accounts. If you’re unfamiliar with Linktree, which, we stress, is a legitimate service, here’s how the company describes what it will let you do.

A FBI bulletin highlights a new twist in the sextortion game: companies claiming to assist with addressing sextortion who use deceptive social engineering tactics to coerce victims into paying huge fees.

Security teams today need to analyze vast amounts of data from various sources, including endpoints, cloud, applications, and user activity, just to mention a few. At the same time, adversary activity is also on the rise and the threat landscape is becoming more and more complex every day. Further exacerbating the situation, security teams are strapped for resources and unable to analyze the enormous amounts of data and security alerts they receive in real time.

This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!

Twitter’s recent decision to turn off SMS two-factor authentication (2FA) for non-Twitter Blue users created a stir. While media and tech pundits questioned the company’s motives, many users complained of losing a universal security measure behind a paywall.

Since the inception of the internet and the World Wide Web (WWW), HTML has been a fundamental part of digital communication, enabling document exchange services between various devices on the network. Developed by Tim Berners-Lee, the father of the WWW, in 1993, the markup language is still used to display documents on web browsers today.

The Splunk Threat Research Team (STRT) continues to analyze and produce content related to the ongoing geopolitical conflict in eastern Europe where new variances of destructive payloads are being released, targeting government and civilian infrastructure. The sole purpose of these destructive payloads is to decimate infrastructure; there is no ransom or alternative presented, and they need to be addressed as soon as they are detected.