Meet the hacker europa, a white hat hacker on the Detectify Crowdsource platform. He is based in Italy with a great passion for infosec and relatively new to the bug bounty scene, but seasoned in infosec. We asked him about the kind of bugs he likes to find, why he joined Crowdsource and how persistence helped him turn a duplicate finding into a bug with 8 different bypasses.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Looks like 2019 starts as busy as the previous year ended, breaches and failures all around. Let’s start with a pretty dumb but not uncommon issue – someone entering the wrong email address. How bad can that go?

Developed by Lockheed Martin, the Cyber Kill Chain® (CKC) framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusions activity. The model identifies what adversaries must complete in order to achieve their objective.

We are pleased to announce the release of the ionCube24 app for iOS and Android! With it, you can access ionCube24 wherever you are and monitor your site for performance and security issues. This is a big step forward for ionCube24 giving you ease of access for monitoring your website wherever you are. With notifications and in-app management options you can be aware of issues immediately and act fast. Take a look below to see what the ionCube24 app can do.

In this latest SnapSecChat video series, our CSO, George Gerchow, talks about the imperative for building the next-gen security operations center (SOC) of the future. Why? Because today’s IT landscape is becoming increasingly complex and cloud-based.

With 2018 in the rear-view mirror, the information security industry is now fully invested in 2019. The new year will no doubt present its fair share of challenging digital security threats. But so too will the year enable infosec professionals to discuss shared difficulties at conferences and summits.

There’s nothing more impactful than a proactive cybersecurity strategy. What’s your preferred scenario: the one where you’re reeling from a lethal data breach with thousands of customer profiles compromised, or, the one where your team identified and diffused a problem before it had time to wreak havoc?

Is your CSIRT team facing too many security alerts? Is your SOC has various security products that are jumbled together? Are you worried about setting the sensitivity of each product? How a severity level should be assigned to each imminent incident? These questions are hard to answer by today’s security professionals. However, security orchestration plays a crucial role in helping experts to address these questions.

While automated tools often enable your compliance management system (CMS), the CMS is less a technology and more a corporate compliance program. A compliance management system looks like a series of policies, procedures, and processes governing all compliance efforts. However, as more companies embed technology across the enterprise and more compliance requirements focus on cybersecurity, information security integrates across the CMS.

Workplace investigations can be extremely tense and have high stakes. While every investigation will look a little different based on the nature of the company, HR team and incident, it’s important to have a clearly defined plan for investigating reports filed by employees. Here’s a step-by-step guide to conducting a timely, impartial and thorough workplace investigation.