%term

What Makes Telecommunication Companies Such a Fertile Ground for Attack?

Apr 19, 2022 By Jeannine Balsiger In Tripwire

Telecommunication is the first, and most robust network ever invented. This may seem like a brazen and bold statement, but when examined closely, it is not the stuff of fantasy. Prior to the invention and development of the internet, what other way could a person pick up a device, and “dial” a few numbers and end up seamlessly connected to someone across the vast expanse of a countryside?

Read Post

Tripwire

Read more about What Makes Telecommunication Companies Such a Fertile Ground for Attack?

Explore Corelight evidence in Humio Community Edition

Apr 19, 2022 By Ed Smith In Corelight

Now available: A free and easy way to learn about Humio and Corelight. As part of our alliance partnership with CrowdStrike and Humio, Corelight is excited to announce a new collaboration that allows our customers and the community to experience the value of evidence.

Read Post

Corelight

Read more about Explore Corelight evidence in Humio Community Edition

Eliminate noise and prioritize the vulnerabilities that really matter with Risk Spotlight

Apr 19, 2022 By Daniella Pontes In Sysdig

Is your team drowning in container vulnerability noise? Are you spending a lot of time figuring out where to focus resources on and still missing dangerous vulnerabilities? Know that you are not alone. Container environments revolutionized app development by enabling unprecedented velocity, but not without a price. The use of readily available container images of third-party and open-source code enabled much faster cycles, but also facilitated the introduction of vulnerabilities in the application.

Read Post

Sysdig

Read more about Eliminate noise and prioritize the vulnerabilities that really matter with Risk Spotlight

Modernizing SAST rules maintenance to catch vulnerabilities faster

Apr 19, 2022 By Frank Fischer In Snyk

Snyk Code separates itself from the majority of static code analysis tools by generating and maintaining rule sets for its users — helping them combat common and newly discovered threats. A recent Hub article described a new Javascript vulnerability called prototype pollution, which allows attackers to modify, or “pollute”, a Javascript object prototype and execute a variety of malicious actions.

Read Post

Snyk

Read more about Modernizing SAST rules maintenance to catch vulnerabilities faster

Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively

Apr 19, 2022 By Miguel Hernández In Sysdig

Vulnerabilities are everywhere. Vetting, mitigating, and remediating them at scale is exhausting for security practitioners. Let’s keep in mind that no organization has the capacity to find and fix all vulnerabilities. The key is to understand what a vulnerability is, interpret the meanings of the CVSS score, and prioritize and effectively use resources within constrained time limits or delivery windows. Since 2016, new vulnerabilities reported each year have nearly tripled.

Read Post

Sysdig

Read more about Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively

What We Can Learn From SolarWinds Security Breach

Apr 18, 2022 By SecurityScorecard In SecurityScorecard

65% of cyber attacks today happen due to the negligence of a third party. SolarWinds security breach is a good example of that. In this case, hackers used a method known as a supply chain attack to insert malicious code into their Orion System. From there, they managed to crack into the SolarWinds network and put malware into the environment. SolarWinds did a great job following up on this. They made significant improvements and are currently rated as a B by SecurityScorecard.

View Video

SecurityScorecard

Read more about What We Can Learn From SolarWinds Security Breach

eyeSight Switch API

Apr 18, 2022 By Forescout In Forescout

Introduced in eyeSight release 8.4, the "Switch API" provides the ability to automate changes to an enterprise switching infrastructure.

View Video

Forescout

Read more about eyeSight Switch API

What is Incident Response?

Apr 18, 2022 By SecurityScorecard In SecurityScorecard

Creating an incident response plan is mission-critical for modern organizations. As threat actors continuously evolve their attack methodologies, organizations need the people, processes, and technologies that allow them to rapidly respond to a security incident. According to research, attacks have increased by 15% since 2019.

Read Post

SecurityScorecard

Read more about What is Incident Response?

What Is Cryptojacking and How Can You Defend Against It?

Apr 18, 2022 By Arctic Wolf In Arctic Wolf

It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking. Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft.

Read Post

Arctic Wolf

Read more about What Is Cryptojacking and How Can You Defend Against It?

The Linux process and session model as part of security alerting and monitoring

Apr 18, 2022 By Mike Sample In Elastic

The Linux process model, available within Elastic, allows users to write very targeted alerting rules and gain deeper insight into exactly what is happening on their Linux servers and desktops. In this blog, we will provide background on the Linux process model, a key aspect of how Linux workloads are represented.

Read Post