Our previous blog post on authorization security covered the seven most common authorization vulnerabilities. This post will discuss 11 authorization best practices that help avoid vulnerabilities and defeat specific attack vectors.
At the Rubrik Data Security Spotlight, we introduced Rubrik Cloud Vault, our fully managed, secure, and isolated cloud vault service built on Microsoft Azure. Rubrik Cloud Vault enables customers to build a comprehensive and multi-layered data protection strategy to be cyber resilient.
The dark web is a part of the internet that is not indexed by search engines and is only accessible through specific browsers. It has become a haven for all sorts of illegal activities and people who want to remain anonymous, including hackers. Often, the hackers use the dark web to sell steal passwords, compromising the security of employees and companies.
In March 2021, Netflix users logging into shared accounts reported seeing a message on the service telling them, “If you don’t live with the owner of this account, you need your own account to keep watching.” At the time, the affected users had to input a multifactor authentication (MFA) code sent via SMS or email to regain access.
A few days ago, Snyk reported on a new type of threat vector in the open source community: protestware. The advisory was about a transitive vulnerability — peacenotwar — in node-ipc that impacted the supply chain of a great deal of developers. Snyk uses various intel threat feeds and algorithms to monitor chatter on potential threats to open source, and we believe this may just be the tip of a protestware iceberg.
Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.
