One type of employee fraud is timecard fraud. No matter the size of your organization, having dedicated, hard-working employees is essential to your bottom line, reputation and business goals.
With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Another week in to 2019 and it’s just not getting better is it? Some more pretty big breaches and the worst; companies that should know better apparently missing the mark.
Time to look back on the top AlienVault blogs of 2018! Here we go...
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of a SSRF vulnerability enables attackers to send requests made by the web application, often targeting internal systems behind a firewall.
A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes.
This week Reddit locked down some user accounts after detecting unusual activity on those accounts. The lockout occurred as a result of Reddit’s security team investigating attempts to log into users’ accounts through a credential stuffing attack. In a post published by Reddit, the company claims the issue stems from users’ use of simple passwords or the reuse of credentials across multiple website and services.
The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.
Gartner just released their 2018 Magic Quadrant for Security Information and Event Management (SIEM), which we’re once again excited to be part of!
