We just recently unveiled the industry’s first mobile endpoint detection and response (EDR) solution. This is an industry game changer as we are providing the same tools the Lookout security researchers use to hunt for novel threats to our customers to investigate cyberattacks. If you want to learn more about how we did it, I strongly encourage you to read our Chief Strategy Officer Aaron Cockerill’s blog on the announcement.
First identified as active in November 2012, 'njRAT', also known as 'Bladabindi' or 'Njw0rm', is a well established and prevalent remote access trojan (RAT) threat that was initially created by a cybercriminal threat group known as 'Sparclyheason' and used to target victims located in the Middle East. Undoubtedly following the source code leak, reportedly in May 2013, njRAT has become widely available on the cybercriminal underground with numerous variants being released over the years.
Every organization is adopting the cloud, but there are some companies that are reaping a larger number of benefits from cloud transformation than others. Making an effort to adopt the cloud is simply not enough to realize the benefits. The organization that prepares for efficiently managing risk will be able to capture a larger percentage of the benefits than one that has not.
Nightfall Data Loss Prevention (DLP) is now available as a CircleCI orb. CircleCI orbs are reusable snippets of code that help automate repeated processes, speed up project setup, and make it easy to integrate with third-party tools. With the Nightfall DLP orb, you can scan for sensitive items and prevent developers from accidentally committing sensitive information. We’re excited to announce our launch with CircleCI and share what you can do with the Nightfall DLP orb.
Each year we anticipate new research from James Kettle at the annual Black Hat USA event and he’s become known for his web cache research. This year he announced Web Cache Entanglement – new techniques to exploit web cache poisoning. We’ve previously covered his work concerning web cache poisoning and HTTP request smuggling which is intriguing for any software engineer to know about. This article will briefly highlight the main points about Web Cache Entanglement.
With recent global health events resulting in a surprise shift to an either completely remote or hybrid remote workforce for many organizations, the need to leverage mobile devices as work endpoints has grown significantly. This has created challenges for IT in maintaining both the ability to manage a wide range of devices, as well as securing them in a way that achieves corporate security objectives and governance.
We asked Samy Denno, the Head of our SOC, to give us an insight into managing a busy security operation and tell us what it takes to start out as an analyst.
When AT&T Incident Response Consultants first engage a client during a ransomware incident, the situation is often very chaotic. The client's ability to conduct business has stopped; critical services are not online, and its reputation is being damaged. Usually, this is the first time a client has suffered an outage of such magnitude. Employees may wrongly fear that a previous action is a direct cause of the incident and the resulting consequences.
While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your ceph user credentials will be leaked in the cloud-controller-manager‘s log.
