Weekly Cyber Security News 26/03/2021
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection, see our Twitter feed at #ionCube24. Wow, pretty much everything out in the clear. Oh boy.
Digital risk refers to all unexpected consequences that result from digital transformation and disrupt the achievement of business objectives. When a business scales, its attack surface expands, increasing its exposure to outside threats. This makes digital risk an unavoidable by-product of digital transformation. Fortunately, digital risk protection strategies have been developed to mitigate digital risk so that organizations can continue confidently scaling their operations.
Digital risk protection (DRP) is the practice of protecting organizations from cyber threats during digital transformation. Rather than reacting to cyber threats after they're discovered, cybersecurity strategies must shift to a proactive approach to protection. This is the key to supporting ecosystem expansion while mitigating risk.
This video is a demo of our per-session MFA coming in Teleport 6.1 https://github.com/gravitational/teleport/blob/master/rfd/0014-session-2FA.md#rfd-14---per-session-mfa
Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.
The financial industry’s digital transformation is highly reliant on applications, just like the rest of the software development ecosystem. This requires everyone involved to invest in application security management as part of the effort to protect their data and systems.
Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and compares payment trends to previous years.
As part of Styra’s vision for unified authorization, we founded the Open Policy Agent project (OPA) to make policy-based control of the cloud-native stack accessible to everyone. OPA has now grown to become the de facto standard for authorization across the stack, leading to a large part of the community looking for ways to manage the OPA policy-as-code lifecycle.