WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.

How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision, spirit, and ethos of who we are and what we are trying to accomplish—the strategy, technology, and culture all rolled into one. It needs to be crisp, memorable, and legally acquirable. Guess what? It is harder than it looks…

The way we work has drastically changed since the start of the pandemic. With more companies adopting remote and hybrid work models, there has been a 600% increase in cybercrime and 65% of organizations have seen a measurable increase in attempted cyberattacks, which is particularly problematic since 78% say remote workers are harder to secure.

When defining security policies, it is critical to know who the user is and what their privileges should be based on their role, and whether the device itself or the state of the device at the time of connection is in a known good state.

An adversary’s ability to live off the land — relying on the operating system’s built-in tooling and user-installed legitimate software rather than tooling that must be brought in — may allow them to navigate through a victim organization’s network relatively undetected. CrowdStrike Falcon OverWatch™ threat hunters are acutely aware of adversaries’ love of these living off the land binaries (LOLBins) and build their hunts accordingly.

During SnykWeek Boston, Simon Maple (Field CTO, Snyk) led a panel discussion about developer adoption of application security. The panelists included: Want the TL;DR? Here are some of our favorite takeaways: Read on to dive deeper into these illuminating insights around organizing security teams, setting security goals, empowering developers, improving compliance, and much more.

At every UpGuard Summit, we announce the latest exciting developments to the UpGuard platform. Here’s a summary of some of the new and upcoming product releases announced during the May, 2022 event.

Whether you’re a startup, an e-commerce company, or a large corporation, as long as you handle credit card transactions, you need to be aware of and comply with the Payment Card Industry Data Security Standard (PCI DSS). As online commerce and online payment technology continue to grow, they need to be accompanied by new rules and regulations to make sure that both the business and the customers are safe and secure.

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server and cause a crash. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof-of-concept exploit for this vulnerability and wrote a Zeek®-based detection for it. You can find a PCAP of this exploit in our GitHub repository.