With so many companies currently reducing their workforce, jobs scams have become a serious and widespread problem for those who are looking for work. Stories from people who came across these scams on LinkedIn talk about scammers asking for their IDs, possibly to commit identity fraud or theft.

For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness?

One of the primary debugging tools for a cloud-native developer is the simple, humble log file. Some malfunctioning systems can be impossible to debug without them. FluentD is an open source log collector that provides unified log processing across multiple emitter systems, either on the same logical device or separate devices. For example, on a single k8s pod, logs are emitted from the pod itself, the container running in the pod and the microservice running in the container.

Last month, over the holidays, we witnessed multiple vendors experience security breaches of varying levels of severity. From LastPass and Okta to Slack and CircleCI, the news has been filled with headlines reporting on the aftermath of these incidents. We wanted to briefly cover these stories and discuss their implications for you in the current year.

For the past several years we’ve all been sold the benefits of moving to Zero Trust, and it’s worked. We’re sold. But what now? At this point, companies have decided to embark on a long and committed journey – Zero Trust (ZT) isn’t built in a day. Keeping a clear eye on the finish line is necessary to maintain enthusiasm and buy-in as ZT architecture is put into place, divisions are shuffled around, and resources are fortified.

Pretexting can occur anywhere at any time, so it’s important to understand what it is and ways you can protect employees from it. You can protect your organization from pretexting by not clicking on unsolicited links, not sharing personal information online and by educating employees on pretexting techniques. Read on to learn more about pretexting and the techniques used by cybercriminals to get victims to reveal sensitive information.

Responsible for supervising nearly $1Trillion of assets across 30 banks and financial institutions, SAMA plays a crucial role in ensuring economic and financial stability within the Kingdom of Saudi Arabia. The SAMA Cyber Security Framework and Threat Intelligence Principles are mandatory regulations for all member organisations regulated by the Saudi Arabian Monetary Authority (SAMA) operating within the Kingdom of Saudi Arabia.

KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.

The concept of Bring Your Own Device, or BYOD, has been adopted by organizations wanting to take advantage of the benefits. BYOD allows employees to use their personal devices to connect to their business networks and access work-related resources using smartphones, personal laptops, tablets and USB keys. But is a BYOD strategy good for security? Along with the benefits come increased BYOD security risks that require mitigation.

In the world of cybersecurity, the spotlight often shines on protecting applications, networks, and individual accounts. Application programming interfaces (APIs), on the other hand, present their own set of challenges to secure. APIs account for a significant portion of internet traffic and handle massive amounts of information from a wide variety of programs and applications; consequently, they make for an appealing target in the eyes of cybercriminals.