From credential theft to network vulnerability exploitation and ransomware incidents on highly secure organizations, the year 2020 has been surprisingly rough on IT security. In the wake of the COVID-19 pandemic, companies around the world are reporting more cyberattacks than ever before, and although the techniques used or the method of attack may be new, the vectors of attack over the years remain unchanged.
It’s no secret: the number of security vulnerabilities organizations must contend with is overwhelming. According to a 2019 Risk Based Security report, there were 22,316 newly-discovered vulnerabilities last year. One Patch Tuesday disclosed a record number of 327 vulnerabilities in a single day. Just keeping up is becoming a monumental task. But knowing where and how your organization may be vulnerable is critical to maintaining a healthy security posture.
These vulnerabilities were observed to be critical in October 2020. Cyberint's Research Team recommends to patch and take the necessary steps immediately.
You’ve purchased a software composition analysis solution, and you’re excited to start scanning. Before you do, read our top tips for getting started with WhiteSource. Following some basic guidelines ensures your implementation gets off on the right foot.
Veracode’s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security.
The 2020 Devo SOC Performance ReportTM presents security professionals’ responses to a variety of survey questions related to people, processes, and technologies within their security operations center (SOC). One of the more interesting topics in the report is the role security automation technologies can play in improving SOC performance and alleviating analyst stress caused by overwork and performing repetitive, mind-numbing tasks, which can lead to analyst burnout.
As recent global health events have changed the world, the cybersecurity landscape has changed along with it. Almost all organizations — large or small — have seen their attack surface grow. For those unfamiliar with the term, an attack surface represents the sum total of all the ways in which a bad actor can exploit an endpoint or network to retrieve data. Every endpoint that connects to or communicates with the network is part of the network attack surface.
The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous government agencies.
25 minutes. That’s how long it took to bring high severity security vulnerabilities to Detectify Asset Monitoring customers from the moment they were discovered. On a more technical side, our Security Researchers, led by Tom Hudson, implemented a high priority vulnerability test to detect an Arbitrary File Read in VMware vCenter, and released it into production in this record time.
In this blog post we’ll cover how to set up an SSH jump server. We’ll cover two open source projects. Both of these servers are easy to install and configure, are free and open-source, and are single-binary Linux daemons. An SSH jump server is a regular Linux server, accessible from the Internet, which is used as a gateway to access other Linux machines on a private network using the SSH protocol.
