%term

Phishing Attacks Often Target Small Businesses - Here's What to Watch for

Jul 29, 2021 By Martina Dove In Tripwire

Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right people to impersonate or send a phishing email to.

Read Post

Tripwire

Read more about Phishing Attacks Often Target Small Businesses - Here's What to Watch for

Encrypted Traffic Collection

Jul 29, 2021 By Corelight In Corelight

Working with encrypted traffic is a common task in the SOC and one that many people think network monitoring solutions can't do anything about. The reality, however, is a bit less cut and dry than you might think. Corelight with Zeek can parse details about the certificate handshake and the SSL connection itself. See the cipher and elliptic curve in use, which are great for detecting vulnerabilities like CurveBall. Learn more about Corelight's Encrypted Traffic collection in this brief two minute video.

View Video

Corelight

Read more about Encrypted Traffic Collection

JFrog detects malicious PyPI packages stealing credit cards and injecting code

Jul 29, 2021 By Andrey Polkovnichenko, Omer Kaspi and Shachar Menashe In JFrog

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.

Read Post

JFrog

Read more about JFrog detects malicious PyPI packages stealing credit cards and injecting code

C2 Command and Control Collection

Jul 29, 2021 By Corelight In Corelight

View Video

Corelight

Read more about C2 Command and Control Collection

Egnyte and Splunk Integration: You Can't See if You Don't Look

Jul 28, 2021 By David Buster In Egnyte

Security Information and Event Management (SIEM) technology provides visibility across an organization's information security systems by collecting and correlating events from logs across many different sources. Security analysts use tools like a SIEM to go “threat hunting”. By correlating disparate events across systems, they can often detect Indicators of Compromise (IoC’s) that may otherwise go unnoticed on individual systems.

Read Post

Egnyte

Read more about Egnyte and Splunk Integration: You Can't See if You Don't Look

The Future Federal SOC Will Be Data-Driven

Jul 28, 2021 By John Allison In Devo

The executive order on cybersecurity President Biden issued in May doesn’t radically change federal cybersecurity practices for now, but it lays the groundwork for significant changes in the future. The EO directs multiple federal agencies to develop new policies and processes to safeguard federal networks, and also to improve the overall cybersecurity posture of all Americans.

Read Post

Devo

Read more about The Future Federal SOC Will Be Data-Driven

Insider Threat Prevention: 5 Steps To Improving Defensive Posture By The End Of 2021

Jul 28, 2021 By Haley Ashley In Teramind

As businesses emerge from a pandemic year, cybersecurity concerns are necessarily top of mind . Companies face expansive cybersecurity threats on many fronts, prompting 75 percent of business leaders to view cybersecurity as integral to their organization’s COVID-19 recovery. They undoubtedly face an uphill battle. Surging ransomware attacks and increasingly deceptive phishing scams are attracting national attention, while more than 500,000 cybersecurity jobs remain unfilled in the US alone.

Read Post

Teramind

Read more about Insider Threat Prevention: 5 Steps To Improving Defensive Posture By The End Of 2021

Accelerate SecOps with a Single Source of Network Truth

Jul 28, 2021 By Corelight In Corelight

Network evidence is vital for defense, but collecting it can be overly complicated and result in incomplete data that is difficult to use. By transforming VPC and on-premises traffic into Zeek logs and Suricata alerts, you can accelerate threat hunting and incident response workflows in security analytics tools like Chronicle and VirusTotal.

View Video

Corelight

Read more about Accelerate SecOps with a Single Source of Network Truth

Kubernetes Quick Hits: Use SecurityContext to drop unnecessary Linux Capabilities

Jul 28, 2021 By Snyk In Snyk

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about Linux Capabilities and why you probably can run with none of them enabled. Linux Capabilities is item number six from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

View Video

Snyk

Read more about Kubernetes Quick Hits: Use SecurityContext to drop unnecessary Linux Capabilities

5 critical aspects of Attack Surface Management (ASM)

Jul 28, 2021 By Irfan Shakeel In AT&T Cybersecurity

Modern technologies and work flexibilities, such as cloud computing, work-from-anywhere, remote employees connecting to the internal network, and so on, enhance the organizations' operation and provide ease of management. Consequently, they impact the organizations' security controls and introduce additional attack surfaces or opportunities for intruders to attack. This situation demands security analysts to adopt modern attack surface management techniques and technologies.

Read Post