Top Challenges in Implementing SIEM Solutions

Security Information and Event Management (SIEM) systems are the modern guardian angels of cybersecurity, offering robust threat detection, efficient incident response, and compliance tranquility. However, beneath the surface of these promising advantages lie intricate challenges. In this blog post, we delve deep into SIEM implementation challenges. But before diving in, let's first understand what SIEM entails.

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.

OAuth security gaps at Grammarly (now remediated)

This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.

How To Protect Your Financial Accounts Online

You can protect your financial accounts online by using strong passwords, updating your software, avoiding suspicious links and attachments, reducing your digital footprint and turning on financial alerts. Protecting your financial information is important to prevent identity theft and credit card fraud from happening to you. Identity theft can be emotionally draining and leave you financially bankrupt.

Five Reasons Why Legacy Data Loss Prevention Tools Fail to Deliver

Like so many legacy technologies, legacy data loss prevention (DLP) tools fail to deliver the protection today’s organizations need. Implementation challenges, visibility gaps and inconsistent policies negatively impact customers and make data breaches far too easy for adversaries. With U.S. data breach costs averaging a staggering $4.45 million last year, organizations need a way to better secure their data as cloud adoption accelerates and IT environments evolve.

Enforcing Least Privilege Mitigates Identity Provider Takeover Attacks

Single Sign-On (SSO) solutions are designed to provide seamless access to important resources for employers and contractors at millions of organizations worldwide. By enabling only one point of access for all the applications a user needs to perform their job, SSO has become ubiquitous for enterprises to streamline operations.

Add to Your AppSec Arsenal with Mend.io's Integration with Secure Code Warrior

We’re delighted to announce that Mend.io has launched a new integration with Secure Code Warrior®, a platform that provides secure coding training and tools that help shift developer focus from vulnerability reaction to prevention.

Understanding PCI DSS v4.0

The Payment Card Industry Data Security Standard (PCI DSS) are commonly followed by organizations that handle credit card transactions to ensure the security of cardholder data. Since standards and requirements can change over time, it’s essential to refer to the most recent version of the PCI DSS v4.0 standard for the most up-to-date information. PCI DSS v4.0 was updated in April 2022. The description of the updated change from PCI DSS v3.2.1 to PCI DSS v4.0 states.