%term

Unconstrained Delegation

Dec 2, 2022 By Joe Dibley In Netwrix

Unconstrained delegation represents a serious cybersecurity risk. By taking steps to abuse the Active Directory delegation controls applied to user and computer objects in an AD environment, an attacker can move laterally and even gain control of the domain. This blog post explores this area of attack (unconstrained delegation) and offers security teams and administrators effective strategies for mitigating this security risk.

Read Post

Netwrix

Read more about Unconstrained Delegation

9 Things to Consider When Choosing an SCA Tool

Dec 2, 2022 By Guest Expert In GitGuardian

Software composition analysis is an essential part of application security. Here are the important factors to consider when selecting an SCA scanner to be sure it is well-suited to your needs.

Read Post

GitGuardian

Read more about 9 Things to Consider When Choosing an SCA Tool

7 Factors To Consider For Selecting The Best Code Signing Certificate Provider

Dec 2, 2022 By SignMyCode In SignMyCode

Every wise software developer and publishing firm knows the importance of a code signing certificate for their executables, codes, and scripts. For the uninitiated, code signing helps give your software a mark of genuine and trusted publisher for users to download and install. Moreover, it safeguards your executables with a digital signature and alerts users if they are altered or modified after signing.

Read Post

SignMyCode

Read more about 7 Factors To Consider For Selecting The Best Code Signing Certificate Provider

Quick Tips for Email Security

Dec 2, 2022 By Nathan Caldwell In Arctic Wolf

Email is embedded into the everyday lives of U.S. adults. For starters, the average person receives over 100 emails a day. To sort through all of that, workers spend an average of five hours a day checking their email. With this communication tool demanding so much of our attention, it’s no wonder cybercriminals use it as a preferred method for carrying out major attacks.

Read Post

Arctic Wolf

Read more about Quick Tips for Email Security

Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Dec 2, 2022 By Tim Parisi In CrowdStrike

CrowdStrike Services reviews a recent, extremely persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies and outlines how organizations can defend and secure their environments.

Read Post

CrowdStrike

Read more about Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Say Hello to SpiderLabs: Trustwave Security Testing

Dec 2, 2022 By Trustwave In Trustwave

Trustwave SpiderLabs is among the most well-respected teams in the cybersecurity industry, having gained a reputation for conducting cutting-edge research, plying the foggy corners of the darkweb for information, and detecting and hunting down threats. What is less well known is how Trustwave’s SpiderLabs’ various teams’ function and then pull together to create the formidable force that is the backbone of all Trustwave’s offerings.

Read Post

Trustwave

Read more about Say Hello to SpiderLabs: Trustwave Security Testing

5 Consumer Data Protection Tips For Your SaaS Business

Dec 2, 2022 By Internxt Contributor In Internxt

SaaS (Software as a Service) companies cannot function without certain consumer data. For starters, you’ll need the customers’ names and email addresses for your marketing and sales operations. And as leads turn into customers, you may also need their payment details. Now, as your company collects more consumer data, it also becomes a target for data breaches. Remember the March 2022 HubSpot security incident?

Read Post

Internxt

Read more about 5 Consumer Data Protection Tips For Your SaaS Business

Cybersecurity Is the Most Prevalent ESG Issue We're Not Talking About

Dec 2, 2022 By Anna Sarnek, Senior Director, Risk Solutions In SecurityScorecard

While the focus on Environmental, Social, and Governance (ESG) issues has gained traction in recent years, both within boardrooms and investment spaces, the focus on carbon credits and workforce diversity has diverted the existential crisis that companies face from cybersecurity. Just as carbon is the byproduct of the third industrial revolution, cybersecurity is the byproduct of the fourth industrial revolution that we continue to live through.

Read Post

SecurityScorecard

Read more about Cybersecurity Is the Most Prevalent ESG Issue We're Not Talking About

ISO 27002 puts Threat Intelligence center stage

Dec 2, 2022 By Outpost 24 In Outpost 24

The updated ISO 27002 adds 11 new controls spanning a range of security services, including the addition of threat intelligence control 5.7. The ISO 27000 series is an industry standard that has long defined and dictated base-level requirements for organizations’ information security management systems (ISMS). Through more than a dozen standards, the framework helps organizations demonstrate management commitment to their ISMS as they regularly review and improve their systems and procedures.

Read Post

Outpost 24

Read more about ISO 27002 puts Threat Intelligence center stage

[Webinar] Taming Secrets Sprawl with Doppler and GitGuardian

Dec 2, 2022 By GitGuardian In GitGuardian

With every hardcoded secret, the software supply chain attack surface grows larger, opening more avenues for the resourceful attacker. Remember Codecov? It all started with a hardcoded secret, ultimately leading to the downstream poisoning of 20,000+ CI pipelines and the exfiltration of more secrets than attackers could ever dream of. It’s time for us, developers and security pros, to take a hard look at our hardcoded secrets – or else, we accept living with the risks and consequences of secrets sprawl.

View Video