Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On today's episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use a software component that hasn't received updates in 17 years.

In this video, we'll not only look at how to install and run Teleport 11 on a Linux Server, but also how to use Teleport to configure access to resources.

As the volume of threats continues to climb, your organization needs to focus on building a solid, proactive cybersecurity strategy. ManageEngine's solutions for identity and access management (IAM), security information and event management (SIEM), endpoint security, network security, and data security will help you proactively identify threats and drastically reduce your vulnerability to attacks.

Victor Marginean from Argus Cyber Security will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces. He will present how this can be used as a pillar integrated as part of the CI/CD and how it can also be monitored from the Vehicle Security Operating Centers used by OEMs. Victor presented this talk at FuzzCon Europe - Automotive Edition 2022. Learn more about this and more talks at fuzzcon.eu.

In their talk, René Palige and Rosemary Joshy from Continental will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes. They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.

In this talk, Andreas Weichslgartner from CARIAD will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.

All organizations should have access to the skills needed to detect and contain threats. But typically, only the very largest enterprises can afford the millions in annual staff and infrastructure investments required to maintain a 24x7 Security Operations Center.

How do you secure your Docker containers against the latest vulnerabilities? What tools help your containers stay secure from the #Dockerfile through the runtime? Where is scanning most effective in the container lifecycle? We compiled a short list of security best practices to keep your #containers safe and answer these questions.

In this video, you will learn how to generate Veracode API credentials in the Veracode Platform and configure an API credentials file for storing your API credentials on Windows. Veracode API credentials consist of an ID and secret key. You use these credentials to access the Veracode APIs and Veracode integrations. API ID and key authentication provides improved security and session management for accessing the APIs.

Datadog Application Security Management allows you to quickly detect and remediate meaningful attacks targeting your application. This demo shows you how Application Security Management can help you identify at-risk services, block authenticated bad actors, and view code-level vulnerabilities to take action fast.