%term

Finding YAML Injection with Snyk Code

Feb 23, 2023 By Calum Hutton In Snyk

I conducted some research to try and identify YAML Injection issues in open-source projects using Snyk Code. Though the vulnerability itself is not a new one, the potential impact of YAML Injection is high, which made it a good candidate for research. This research led to the discovery of several issues in open-source projects written in Python, PHP and Ruby. This article focuses on the issue found in geokit-rails version 2.3.2, a plugin for Ruby on Rails

Read Post

Snyk

Read more about Finding YAML Injection with Snyk Code

What Is GLBA?

Feb 23, 2023 By Eleanor Bennett In logit.io

The purpose of this guide is to provide you with a thorough understanding of GLBA as well as tips for ensuring compliance with your organization.

Read Post

logit.io

Read more about What Is GLBA?

CI/CD and the Promise of Agile Transformation

Feb 23, 2023 By Adam Murray In Mend

Continuous integration/continuous delivery (CI/CD), promises to help deliver software faster and more reliably. It does this by pushing frequent updates and fixes regardless of size and using automation tools to help the process run smoothly. According to Gartner, CI/CD is the most common agile practice currently being adopted by organizations. So how does CI/CD work and why is it critical for DevOps teams?

Read Post

Mend

Read more about CI/CD and the Promise of Agile Transformation

Stories from the SOC - The case for human response actions

Feb 23, 2023 By Edwardo Rodriguez In AT&T Cybersecurity

As we move towards more automation, we should remember the risk of over-automating, or at least make a conscious decision to accept the risks. This is especially important in automating response actions, which left unchecked could wreak havoc with day-to-day business operations.

Read Post

AT&T Cybersecurity

Read more about Stories from the SOC - The case for human response actions

Hangin' with Haig: Conversations Beyond the Keyboard

Feb 23, 2023 By ThreatQuotient In ThreatQuotient

ThreatQuotient's Director of Alliances, Haig Colter, assumes the role of host in our series Hangin’ with Haig: Conversations Beyond the Keyboard. In our upcoming episode, we welcome Valéry Marchive. Co-founder of LeMagIT, Valéry has been its editor-in-chief since January 2020. A computer scientist by training, he specialised in cybersecurity and has developed an investigative approach to his journalistic practice, both in studying known cyberattacks and in understanding the dynamics of cybercrime. For several years, he has meticulously investigated cyber attacks with ransomware and their perpetrators.

View Video

ThreatQuotient

Read more about Hangin' with Haig: Conversations Beyond the Keyboard

Mitigate Cyber Risk From Email With the Falcon LogScale and Mimecast Integration

Feb 23, 2023 By LogScale Engineering In CrowdStrike

Email is the top initial attack vector, with phishing campaigns responsible for many damaging cyber attacks, including ransomware. Being able to search Mimecast email security logs in CrowdStrike Falcon® LogScale (formerly known as Humio), alongside other log sources such as endpoint, network and authentication data helps cybersecurity teams detect and respond to cyber attacks.

Read Post

CrowdStrike

Read more about Mitigate Cyber Risk From Email With the Falcon LogScale and Mimecast Integration

CrowdStrike Uncovers I2Pminer MacOS Mineware Variant

Feb 23, 2023 By Mitch Datka - Ron Bolger In CrowdStrike

CrowdStrike recently analyzed a macOS-targeted mineware campaign that utilized malicious application bundles to deliver open source XMRig cryptomining software and Invisible Internet Protocol (I2P) network tooling.

Read Post

CrowdStrike

Read more about CrowdStrike Uncovers I2Pminer MacOS Mineware Variant

LimaCharlie as a low-cost way to improve cyber resilience

Feb 23, 2023 By Christopher Luft In LimaCharlie

Organizations know that they need to become more cyber resilient, and are asking MSSPs and enterprise security teams to help. But in a time of economic uncertainty and shrinking budgets, the goal of cyber resilience is often at odds with what management is prepared to invest. The good news is that LimaCharlie can be used to help security professionals improve cyber resilience—with a level of control and at a cost efficiency unparalleled industrywide.

Read Post

LimaCharlie

Read more about LimaCharlie as a low-cost way to improve cyber resilience

FERPA Compliance Guide (Updated 2023)

Feb 23, 2023 By Kyle Chin In UpGuard

FERPA (the Family Educational Rights and Privacy Act) is a United States federal law protecting the privacy of student education records, more specifically governing access from public entities, such as employers, public schools, and foreign governments.

Read Post

UpGuard

Read more about FERPA Compliance Guide (Updated 2023)

The Future Of Security Operations Roadshow: Unifying & Scaling Our Security Alert System Using Tines

Feb 23, 2023 By Tines In Tines

Brex showcase how they leverage Tines' no-code automation platform to scale their security alert systems at The Future of Security Operations Roadshow: San Francisco 2023.

View Video