The Importance of NDR Detection-in-Depth

Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.

Securing Our World

October is Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. And this year’s theme, “Secure Our World,” couldn’t be more timely. With the growing number of cyberattacks worldwide, it’s becoming increasingly apparent that critical infrastructure is at risk.

New from SEC: Cybersecurity Final Rule on Reporting Hits Third Party Risk

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies are required to disclose risks in their annual reports beginning on December 15, 2023.

Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

Researchers and vendors have conducted an investigation into volumetric DDoS attacks in the wild between August – October 2023 that has resulted in the discovery of a novel “rapid reset” technique that leverages stream multiplexing, a feature of the widely-adopted HTTP/2 protocol. Disclosed today, the HTTP/2 rapid reset vulnerability is being tracked as CVE-2023-44487 and has been designated a High severity vulnerability with a CVSS score of 7.5 (out of 10).

Industry Trends and the Importance of Unified Identity Security

Enterprise attack surfaces continue to evolve through cloud-based infrastructure, the proliferation of connected devices, and reliance on third-party solutions. New vulnerabilities are emerging every day from security gaps in the software supply chain to use of AI and cybercriminals are being proactive in exploiting them. Comprehensive Identity Security is a critical element to containing these new risks but maintaining best practices for a robust IAM strategy using multiple security tools has never been more challenging. This session will address how to reduce human error, avoid gaps and overlaps of your different IAM tools, and bring your security strategy in-line with the challenges of today and tomorrow's cyber threats.

Web Application Security: 5 Security Tips for Software Engineers

As a software engineer in a cloud-native world, you’re the first line of defense in web application security. Armed with a few best practices that have a huge impact, securing both the code you create and the code you compile can be simple. Here are five tips that make your role easier in protecting data with secure development.

Slaying the many headed hydra of data privacy and protection

With data traveling the world through borderless networks data privacy and protection laws have never been as important as they are today. Over 120 global jurisdictions now have data privacy and protection laws. California to China are implementing legislation that mirrors Europe’s GDPR, while the EU has turned its attention to a new EU Data Act as well as regulating the use of AI. Where once organizations were always ahead of regulators, now they struggle to keep up with compliance requirements across multiple jurisdictions. In this session, we will discuss the current state of compliance regulations, what’s coming next and how you can stay ahead.

What is a Zero-Day (0-Day)?

In the world of cybersecurity, zero-day vulnerabilities, zero-day attacks, and zero-day exploits keep many CISOs up at night. These terms, often shrouded in mystery and intrigue, denote a significant risk to digital systems and the sensitive data they hold. Understanding the intricacies of zero-day vulnerabilities and the exploits that leverage them is crucial for individuals, organizations, and governments seeking to fortify their defenses against cyber threats.

Phishing and Curling: Vulnerabilities, not Winter Sports

In this week's episode, Bill and Robin dive into the dangers of EvilProxy, as well as discuss a hot new vulnerability in the curl framework (CVE-2023-38545) Should you be concerned about this CVE? How can you tell if personal parameters are being sent to threat actors? and how can you help mitigate against these security challenges? Learn all this and more on the latest episode of The Ring of Defense!