%term

Fix now: Vulnerabilities targeting the FireEye Breach

Dec 15, 2020 By Simon Roe In Outpost 24

On Tuesday 8th December in an unprecedented move leading cybersecurity provider FireEye admitted they had been breached and several of their red team tools and scripts had been stolen. In this blog we look at the list of vulnerabilities in these tools and how to protect your organization.

Read Post

Outpost 24

Read more about Fix now: Vulnerabilities targeting the FireEye Breach

State of Software Security v11: The Most Common Security Flaws in Apps

Dec 15, 2020 By Hope Goslin In Veracode

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

Read Post

Veracode

Read more about State of Software Security v11: The Most Common Security Flaws in Apps

Netskope Threat Coverage: SUNBURST & FireEye Red Team (Offensive Security) Tools

Dec 15, 2020 By Dagmawi Mulugeta In Netskope

On Dec 8, 2020, the cybersecurity company FireEye reported that there had been a cyber attack on their systems. As part of this attack, their inventory of Red Team tools was stolen. These tools could potentially be used by a threat actor against unsuspecting victims. On Dec 13, 2020, after further investigation of this attack, FireEye reported that the initial vector came through SolarWinds, an upstream vendor, as a malicious trojanized update of SolarWinds’ Orion IT platform.

Read Post

Netskope

Read more about Netskope Threat Coverage: SUNBURST & FireEye Red Team (Offensive Security) Tools

Why Third-Party Risk on Google Drive Should Be a #1 Concern

Dec 15, 2020 By Nightfall In Nightfall

Sharing Google Workspace files with clients and partners feels like a normal part of doing business – especially as so many companies move to remote work. However, each time you share a file with someone outside of your organization, you increase what’s known as third-party risk. Third-party risk can open your business up to all types of internet security breaches, including IP theft, phishing attacks, malware, and data exfiltration.

Read Post

Nightfall

Read more about Why Third-Party Risk on Google Drive Should Be a #1 Concern

Astra Security Suite: One-stop solution to malware & hackers

Dec 15, 2020 By Astra In Astra

Overview of the Astra Security Suite.

View Video

Astra

Read more about Astra Security Suite: One-stop solution to malware & hackers

Tips for Writing & Enforcing Your Company's Policies - Business Tips | CurrentWare

Dec 15, 2020 By CurrentWare In CurrentWare

When running a business, your policies need to be clear, concise, and consistently enforced. In this video CurrentWare’s marketing coordinator Dale Strickland shares with you the best practices for writing and enforcing company policies. This video will be using an Acceptable Use Policy as an example but you can apply these tips to any other policy you have.

View Video

CurrentWare

Read more about Tips for Writing & Enforcing Your Company's Policies - Business Tips | CurrentWare

Meeting your data security responsibilities with GDPR penetration testing

Dec 15, 2020 By The Redscan Team In Redscan

In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

Read Post

Redscan

Read more about Meeting your data security responsibilities with GDPR penetration testing

Enabling Secure Kubernetes Multi-Tenancy with Calico Enterprise

Dec 15, 2020 By Tigera In Tigera

When you have different teams interacting with a Kubernetes cluster you need to think about the security, privacy, and observability challenges associated with multi-tenancy: How to provide each team with access to the specific resources they need, in a way that allows the team to be agile, without risking impacting other teams? In this session, we’ll explore the Kubernetes multi tenancy concepts and design patterns needed for successful enablement of multi-tenancy within your Kubernetes clusters using key capabilities of Calico Enterprise.

View Video

Tigera

Read more about Enabling Secure Kubernetes Multi-Tenancy with Calico Enterprise

Do you need to protect your sensitive CAD files when collaborating with third-party vendors?

Dec 15, 2020 By Secude In SECUDE

Cyberattacks are becoming a regular feature in the global market. The scale and variety of these attacks have grown considerably. The recent pandemic has spiked such attacks and many Covid-19 scams ranging from social media posts, smishing (small message phishing), phishing, ransomware, have skyrocketed this year.

Read Post

SECUDE

Read more about Do you need to protect your sensitive CAD files when collaborating with third-party vendors?

SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder

Dec 15, 2020 By Lennart Koopmann In Graylog

Yesterday, FireEye published a report about a global intrusion campaign that utilized a backdoor planted in SolarWinds Orion. Attackers gained access to the download servers of Orion. They managed to infect signed installers downloaded by Orion users who had all reason to believe that the packages are safe and had not been tampered with. With this information out in the world, teams are scrambling to investigate if their environments are affected by this breach.

Read Post