Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s well known that there’s a pervasive cybersecurity skills shortage. The problem has multiple ramifications. Current cybersecurity teams often deal with consistently heavy workloads and don’t have time to deal with all issues appropriately. The skills shortage also means people who need cybersecurity talent may find it takes much longer than expected to find qualified candidates. Most people agree there’s no single way to address the issue and no fast fix.

Earlier this month, the United Nations (U.N.) released its latest Global Assessment Report on Disaster Risk Reduction (GAR2022). For those of us who assess risk for a living, it is a sobering read.

Ethical hacking is a field within cybersecurity where security experts assume the role of an unauthorized user and attempt to gain access to a private network or computer. These exercises aim to help targets identify any security vulnerabilities that could be exploited in a real cyberattack. Cybersecurity professionals utilize non-invasive methods, such as risk assessments, audits, and security questionnaires, to discover security risks.

Trustwave Managed Detection and Response (MDR) is one of the most important cybersecurity offerings available in the market today, it’s also the reason why Trustwave is rolling out two new levels of service that will enable Trustwave and our business partners fortify the security posture of any business, regardless of size.

In a certificate-based authentication, a user or machine proves their identity to the servers and networks with a certificate that is digitally signed by a certificate authority, a trusted centralized entity responsible for issuing and managing certificates. Many popular servers support certificate-based authentication, but people often opt-in for a password or key-based authentication to avoid certificate management overhead.

Running penetration tests of a mature web application is always a great challenge. Systems are usually well hardened, and scanners fall short of flagging anything interesting, requiring an experienced security engineer to identify vulnerabilities using advanced exploitation methods. On the other side, some applications are going for their first release ever or release after a major code change.

The supply chain for organizations has become increasingly susceptible to unplanned cybersecurity interruptions that negatively impact revenue, inventory, and consumer confidence. As a result, there has been an increasing focus on understanding how critical services are delivered, the reliance on third parties and fourth parties, and key risk controls that can be implemented to mitigate the risk of cyber security incidents.

Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on the type of fraud. Often, different actors are brought into the story. These actors also lie to the victim, in order to support the narrative. The purpose of expanding the fraud in this way is to groom the victim to dismiss their doubts or concerns and comply with requests.

Two packages of well-known origin were found exfiltrating Windows SAM and SYSTEM files, apparently as part of internal security research rather than a targeted dependency confusion attack. On June 6th, 2022, the Mend research team used Supply Chain Defender to detect and flag two malicious packages from the same author that contained identical code. We alerted npm and the packages were removed within three hours of publication.

Rubrik was built on a foundation of Zero Trust architecture. The National Institute of Standards and Technology (NIST) is a United States federal agency that works with organizations of all sizes to help them implement cybersecurity best practices.