Without a doubt, digital transformation accelerated amid the pandemic and made it possible for employees to work remotely. However, it also intensified the threat landscape created by malicious attackers who jumped on the first opportunity to attack the more vulnerable home networks. As remote working becomes the new norm, it is paramount to have an agile infrastructure and team for security. Companies need to manage and orchestrate appropriate remediation activities carefully.

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.

In this article, we are going to explore the process of ingesting logs into your data lake, and the value of importing your firewall logs into Coralogix. To understand the value of the firewall logs, we must first understand what data is being exported. A typical layer 3 firewall will export the source IP address, destination IP address, ports and the action for example allow or deny. A layer 7 firewall will add more metadata to the logs including application, user, location, and more.

GitHub is a code versioning tool, which means that it preserves a full history of searchable code changes. Sensitive data can proliferate in these code changes and is not always easily discoverable. Credentials & secrets that are hard-coded in GitHub repositories pose risk if repos are leaked or accessed via social engineering attacks, as they can provide access to infrastructure, databases, and third-party APIs. Likewise, sensitive data like customer PII can end up in code repos.

The success of a Secure Access Service Edge (SASE) architecture depends on how well networking and security teams, and the products and services they manage, converge into a shared set of priorities tied to business objectives. Unfortunately, new research from Censuswide confirms this network-security team collaboration is still strained—if not downright combative—at a majority of enterprises.

The Atlassian suite makes remote collaboration easy and efficient for distributed teams. Confluence, one of Atlassian’s best known and widely used apps, is a flexible and customizable wiki solution that can host almost anything for a company. From software documentation and process docs to hosting meeting notes and project plans, the possibilities for what your team can do in Confluence are endless.

It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives requires time-consuming, diligent and often a multi-team effort.

Writing a web application that supports securely logging into a website and managing your credentials is a surprisingly difficult task. You have to develop a way to manage sessions, understand how browsers store state (cookies), learn a cryptographically safe password storing technique (like bcrypt), all the while making sure you mitigate common web security vulnerabilities like XSS and CSRF.

For the last 25 years, SC Media’s SC Awards program recognizes the people, products and companies forging the cybersecurity industry’s future and advancing the cause of safe and secure commerce and communications. I’m pleased to share that Lookout Mobile Endpoint Security has achieved yet another leadership milestone by being named SC Awards’ Best Mobile Security Solution of 2021.