Catching A Wave, Standing Up on My Surfboard: How Cloud Threat Exchange Saves My SOC From Drowning (For Now)

We have built a Security Operations Center at Netskope in short order. Facing the vast expanse of the Security Operations ocean, I grabbed my board with my team and focused on doing a few things really well. We documented workflows, expanded our visibility, and tuned monitoring systems. We paddled out from shore, braving the shark-infested waters of the threat landscape.

CIS Critical Security Controls: Unpacking the Significant Changes in the Latest Version

“May you live in interesting times.” Cybersecurity professionals live this phrase every day. From supply-chain attacks and pervasive exposure from zero-day vulnerabilities to the dramatic rise in ransomware, we undoubtedly live—and work—in interesting times.

Out of Band (OOB) Data Exfiltration via DNS

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365

As many organizations move to the cloud, CrowdStrike has noticed a significant increase in both opportunistic and targeted attacks against cloud resources, with a large number of these attacks targeting organizations’ Microsoft 365 (M365) infrastructure, often specifically around their business email service, or Exchange Online.

Building Your Security Analytics Use Cases

It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.

Improve Your Web Applications and Your Client-side Security

Learn how to protect your client-side web applications and the customer data you collect via your websites. Gain a deep understanding of how to stop skimming breaches by closing gaps in your web application firewalls, content security policies, penetration testing, security testing, and vulnerability scanning coverage. Explore the basics of client-side security and learn how businesses can protect themselves and their customers with automated tools, monitoring, and controls to stop threats, all while safeguarding customer data.

AT&T Cybersecurity earns four Cybersecurity Excellence Awards

The AT&T Cybersecurity team’s unwavering focus on managing risk while maximizing customer experience earns high marks from security experts and customers alike. The team garnered some well-earned official recognition of the quality of flexible services they run with the announcement that AT&T won the highest distinction Gold Award in four different service categories of the 2022 Cybersecurity Excellence Awards.

Fraud Prevention Strategy: Finding Weak Links in the Payment Transaction Cycle

This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. In the last few years, we have all observed an increase in the sophistication of cyber-enabled attacks and financial crimes. This coincided with intensified focus on digital banking by financial institutions and increased volumes of online transactions.

10 Cybersecurity Spring Cleaning Tips

Spring is a good time to do some cleaning: put away winter clothes and ski gear, open windows and let spring breezes clear out the dust that gathered through the winter. But it’s also a good time for IT and cybersecurity teams to “spring clean” their security postures. Below we share 10 quick and easy ways to “clean up” your cybersecurity practices and adapt to the security threats we face daily.