Application Security Technology Predictions 2022 with Chris Wysopal
Chris Wysopal, CTO and Co-founder of #Veracode shares his 2022 Application Security Technology Predictions with Community Manager, Javed Mohammed.
The Attack of the Chameleon Phishing Page
Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials. We see an email with the “initial” URLs in the example below: Figure 1. The raw phishing email showing the URLs, purporting to be a fax message that needs to be accessed.
1Password 8.6 for Windows
When we released 1Password 8 for Windows, it marked the start of the next chapter for 1Password. And though Santa may have come and gone in the weeks since, we’ve still got a bag full of shiny new toys for our Windows customers.
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O
A new vulnerability CVE-2022-0811, alias cr8escape, with CVSS 8.8 (HIGH) has been found in the CRI-O container engine by Crowdstrike. This vulnerability can lead to arbitrary code execution. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines is affected as well, including Kubernetes and OpenShift (version 4.6 to 4.10).
20 Best Penetration Testing Tools
In recent times when data breaches and cyber attacks have become so common, being cyber resilient and prepared for the attack when it happens is the new norm.
What to Expect from a Managed Security Service (MSS)
Organisations are increasingly turning to managed security service (MSS) providers to outsource their cybersecurity. But what should you expect from an MSS? This video provides an overview of the benefits, features and services offered by MSS providers.#managedsecurity #MSS Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.
What Are the Benefits of Investing in Cloud Storage Security?
As more and more businesses and individuals choose to store their data online, ensuring the safety of information is becoming exceptionally crucial. According to recent statistics from the Hosting Tribunal, over 95% of IT professionals use cloud storage. This number is expected to grow steadily.
How to Build Cyber Security Awareness Among Employees?
According to a PwC poll, the epidemic has increased the number of employees working from home to almost 70%. Remote working, however, has its own set of risks. Companies are vulnerable to a host of network attacks because of employee-owned devices, insecure connections, and inappropriate device usage. That is where cybersecurity awareness training for employees comes into the picture and plays a key role in preventing cyber attacks.
How to do password encryption in Java applications the right way!
There are multiple types of encryption and most ecosystems and languages come with many libraries to help you encrypt the data. The question nowadays is, what type of encryption should I pick for the problem. This article will focus on encrypting passwords for Java applications specifically. While we can apply the main principles to any ecosystem, we will explore examples and libraries in Java that are useful for your daily job.
Supporting Red Hat Enterprise Linux 8 (RHEL 8) June 2022
The widespread popularity of the containerized infrastructure backed by the advancement in technology, has made Linux the top priority as a host of the enterprise production environment. Red Hat Enterprise Linux default configuration settings which are more functionality-focused than being security-oriented, are often faced with the risk of infrastructure breaches.