Coffee Talk with SURGe: 2023-10-31 SEC SolarWinds Complaint, Biden's Executive Order on AI

Grab a cup of coffee and join Mick Baccio, Ryan Kovar, and Audra Streetman for a spooky Halloween edition of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan also competed in a charity challenge benefitting World Central Kitchen to share the lessons learned from Cybersecurity Awareness Month.

Dmitriy Sokolovskiy: How SecOps teams can measure and communicate their ROI to senior leadership

In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy. Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.

NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker's Playbook Threat Coverage Round-up: October 31st, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Apono - Okta Integration: Requesting temporary access to Okta groups

ICYMI: In the last video demo of @Okta + Apono, we showed you how to integrate your Okta resources with Apono through SCIM. (It’s super simple!) Once the integration is done, Okta users or group members can easily request temporary access to different cloud resources using our just-in-time capability. That includes temporary access to Okta group membership. If you're managing your developer-on-duty, customer data access, or any other use case with Okta groups, you don’t want to miss out on this one.

The Comprehensive Web Application Security Checklist [with 15 Best Practices]

Over 75% of all cybercrimes primarily target web applications and their vulnerabilities. Attackers focus on exploiting weaknesses such as design flaws, vulnerabilities in APIs, open-source code, third-party widget issues, and access control problems. A recent study predicts that all this cybercrime will cost a massive $5.2 trillion by 2024 across all industries. How do you protect your web application from all the risks out there? Here is a go-to web app security checklist to get started.

The Art of Team Building: Blueprints from the Black Hat NOC

It has been a distinct honor to be a part of the Corelight team that helped defend this year’s Black Hat events. I started the event season in the Network Operations Center (NOC) at Black Hat Asia, and then capped it off at Black Hat in Las Vegas. In this blog I’ll share my experience and learnings from participating in both NOCs.

Random but Memorable - Episode 11.7: Halloween Bug Hunting Tricks with Katie Paxton-Fear

How does it feel to find your first bug? What makes a good bug hunter? We get into all that and more with bug bounty hunter and face behind the InsiderPhD YouTube channel, Katie Paxton-Fear. We also unpack the recent 23andMe data leak in Watchtower Weekly and share some fun and festive family-themed 1Password tricks in Did You Know?! 👨‍👩‍👧‍👦🎄

Build organizational resiliency with Microsoft's Chief Security Advisor

Major incidents like cyber attacks, terrorism, and pandemics are likely in the making right now, but it doesn’t mean they’re inevitable. Learning from past incidents, asking the hard ‘what ifs’, and helping businesses build organizational resilience is always top of mind for security leader Sarah Armstrong-Smith.

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns. “Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature adversary-in-the-middle (AiTM) techniques, social engineering, and SIM swapping capabilities,” the researchers write.