IONIX Wins Best Attack Surface Management (ASM) Solution in the 2023 Cybersecurity Excellence Awards Program
IONIX Reveals and Reduces the Expanding Attack Surface and its Digital Supply Chains.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Cross-Tenant Power Platform Connectors Vulnerability - Are You Safe Now?
Last week, on March 31st, NetSPI researchers announced that they found a cross-tenant Azure vulnerability in the Microsoft Power Platform connectors infrastructure, which allowed them to then access “at least 1,300 secrets/certificates in 180+ vaults”. In this article, we set out to analyze the root cause behind this vulnerability, explain its impact, and provide our own recommendations for Power Platform users and administrators.
Threat Detection and Response: 5 Log Management Best Practices
In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.
The 443 Episode 237 - Operation Cookie Monster
This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft's attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend's Toyota Rav4. You can view Dr. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
Baselining and Beyond: What's New in OT Security Add-On v2.2
Today, we are happy to announce that version 2.2 of the OT Security Add-On for Splunk is now available on Splunkbase. This update adds capabilities based on industry best practices and customer feedback and is designed to help companies mature in their OT security journey.
CISO Matters: How to Win Security Allies and Influence the Business
The rumors are true: it can get lonely at the top. As a CISO, I have many teams below me, a board of directors to keep happy and an organization to protect. This is nothing new, and at this stage of my career, I’ve become familiar with the many challenges — and even greater rewards — that go hand in hand with leading. Of course, it helps that I’ve been managing from the jump.
Vulnerability Types: 5 Types of Vulnerabilities You Need To Know
A vulnerability is any flaw or weakness within the technology system that cybercriminals can exploit to gain unauthorized access to a network, information assets and software applications. For any organization today, there are plenty of vulnerabilities. Knowing where and how vulnerabilities can exist, you can start to get ahead of them. So, let’s look at the 5 most important types of vulnerabilities.
The ISO/IEC 27001 Standard for InfoSec: Meaning, Importance & Requirements
ISO/IEC 27001 is the international standard on information security. It was established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to stipulate the framework for implementing Information Security Management Systems (ISMS) in an organized and risk-effective way. For this article, we’ll mostly refer to ISO 27001, but know that we’re referring to both ISO/IEC 27001. Got it? Let’s begin!
FedRAMP Compliance: What It Is, Why It Matters & Tips for Achieving It
Data security is a major concern for almost everyone. From organizations to individuals, most of us who use or supply cloud-based services want to ensure that our information stays confidential and accessible. However, these concerns are amplified to national security when government data is the subject. That’s why the U.S.government has a stringent set of security requirements known as FedRAMP®. All cloud vendors that provide services to federal agencies must comply with these standards.
Analyzing Impala Stealer - Payload of the first NuGet attack campaign
In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted.NET developers via NuGet malicious packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.