DevSecOps is an impeccable methodology that combines development, operations (DevOps), and security practices in the Software Development Lifecycle (SDLC). In this methodology, security comes into play from the beginning and is a shared responsibility instead of an afterthought. However, with the ever-evolving digital landscape, and continuous use of third-party and open-source components, DevSecOps teams need to fortify this methodology to minimize the risk and make their software more resilient.

While there have been many intrusions, compromises, breaches, and incidents that have made news in the IT and InfoSec industries throughout 2022 and into this year, when events or threats like Storm-0558 gain coverage by mainstream media, we often get questions about Corelight’s ability to detect threats through our sensors, products & platform.

Brandjacking refers to the malicious act of using a brand’s identity to deceive or defraud customers. It usually involves impersonating a reputable brand to gain unauthorized access to sensitive information or exploit the trust associated with the brand. Attackers often leverage the reputation of well-known brands using social engineering techniques, phishing emails, fake websites, and malicious packages in open source repositories.

SD-WAN has enabled new technology opportunities for businesses. But not all organizations have adopted SD-WAN in the same manner or are having the same SD-WAN experience. As the market gravitates away from SD-WAN towards SASE, research and consulting firm EMA analyzed how businesses are managing this transition to SASE. In this blog post, we present the key findings from their report, titled “WAN Transformation with SD-WAN: Establishing a Mature Foundation for SASE Success”.

Researchers at Akamai describe a credential phishing campaign that’s been running since at least March 2022. Due to the volume of traffic to the phishing sites, the researchers estimate that the attackers are raking in up to $150,000 per year by selling the stolen credentials. “This ongoing research led to the discovery of multiple templated sites used as front-ends for the scam infrastructure that have been tied to more than 40,000 malicious routing domains,” the researchers write.

Implementing multi-factor authentication (MFA) is undoubtedly the best way to protect your company and its data. However, when it comes to identity management, both users and administrators tend to demand a balance between efficiency, convenience, and security, all at the same time. It is a difficult challenge, but one that can be met. This is mainly because users may see MFA as a barrier that creates friction during use that can slow down productivity.