%term

Brace yourself - ISO27001 changes are coming

Nov 2, 2022 By Tripwire Guest Authors In Tripwire

If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations are still certified to ISO27001:2013, meaning that no fundamental changes to the standard have taken place for around ten years.

Read Post

Tripwire

Read more about Brace yourself - ISO27001 changes are coming

Network Detection and Incident Response with Open Source Tools

Nov 2, 2022 By Corelight In Corelight

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

View Video

Corelight

Read more about Network Detection and Incident Response with Open Source Tools

WatchGuard recognized at the 2022 TrustRadius Best Software List

Nov 2, 2022 By The Editor In WatchGuard

We’re thrilled to share that WatchGuard has been recognized in the 2022 TrustRadius Best Software List! The first-ever TrustRadius Best Software List celebrates products that support the evolution of self-serve buyers by sourcing and using customer reviews. To make the list, products must have 40+ reviews from the past year and have maintained a trScore of 7.5 or higher. These characteristics demonstrate a commitment to transparency, improvement, and user insights.

Read Post

WatchGuard

Read more about WatchGuard recognized at the 2022 TrustRadius Best Software List

GigaOm recognizes WatchGuard as a market leader in endpoint detection and response

Nov 2, 2022 By The Editor In WatchGuard

The WatchGuard team is thrilled to share that technology analyst firm GigaOm recently recognized WatchGuard as a market leader in endpoint detection and response (EDR).

Read Post

WatchGuard

Read more about GigaOm recognizes WatchGuard as a market leader in endpoint detection and response

CVE-2022-3602 and CVE-2022-3786 - OpenSSL 3.0.X Critical Vulnerabilities

Nov 2, 2022 By Adrian Korn In Arctic Wolf

On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as well as any application with an embedded, impacted OpenSSL library. This announcement did not include any details on what this vulnerability is or how it can be exploited. On November 1, 2022, a cryptographic library used for encrypting communications in a wide variety of applications on the internet.

Read Post

Arctic Wolf

Read more about CVE-2022-3602 and CVE-2022-3786 - OpenSSL 3.0.X Critical Vulnerabilities

Ruby on Rails Docker for local development environment

Nov 2, 2022 By Mikhail Tereschenko In Snyk

Hi there Ruby developers! If you’ve been looking for an effective way to establish a Ruby on Rails Docker setup for your local development environment, then this post is for you. It’s a continuation of our previous article on how to install Ruby in a macOS for local development. Ruby developers frequently need to account for a database when building a Ruby on Rails project, as well as other development environment prerequisites.

Read Post

Snyk

Read more about Ruby on Rails Docker for local development environment

AT&T Cybersecurity Insights Report: Focus Energy and Utilities

Nov 2, 2022 By Theresa Lanowitz In AT&T Cybersecurity

As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbying high-profile attacks in the last few years that have threatened safety and uptime in the process.

Read Post

AT&T Cybersecurity

Read more about AT&T Cybersecurity Insights Report: Focus Energy and Utilities

Update: OpenSSL high severity vulnerabilities

Nov 2, 2022 By Vandana Verma In Snyk

OpenSSL has released two high severity vulnerabilities — CVE-2022-3602 and CVE-2022-3786 — related to buffer overrun. OpenSSL initially rated CVE-2022-3602 as critical, but upon further investigation, it was reduced to high severity.

Read Post

Snyk

Read more about Update: OpenSSL high severity vulnerabilities

Vulnerability vs. Threat vs. Risk vs... "Other"

Nov 2, 2022 By Shawn Taylor, Vice President, Threat Defense In Forescout

In cybersecurity, three key terms are vulnerability, threat and risk. Often they’re tossed around interchangeably, but they have a specific relationship to one another..

Read Post

Forescout

Read more about Vulnerability vs. Threat vs. Risk vs... "Other"

CVE-2022-3602 and CVE-2022-3786 - High-severity OpenSSL Vulnerabilities Finally Published

Nov 2, 2022 By Shachar Menashe In JFrog

On October 25th, The OpenSSL team announced that OpenSSL 3.0.7 will contain a fix for a critical severity vulnerability that affects OpenSSL 3.x. The full details about the vulnerability were held in an embargo until November 1st. Due to the rarity of an OpenSSL critical-severity issue and the overwhelming popularity of OpenSSL, social media was flooded with messages about this issue, expecting a “Log4Shell”-level event.

Read Post