Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The explosive growth of the Internet of Things (IoT) is changing the way we live, with over 27 billion connected devices by 2020, it’s no wonder that businesses are looking to IoT solutions to improve efficiency and drive innovation. However, with this increased connectivity comes a variety of new security threats that need to be addressed. In this article, we will discuss best practice guidelines for managing your IoT security.

What is a Trust Champion? A Trust Champion is the person who helps their organization measure and meet their internal compliance obligations. Their actions support revenue-generating activities, protect their organization from legal and contractual liabilities, and enable the organization to confidently and transparently showcase an intentional, robust, and differentiated culture of trust. Beth White – Founder & CEO – has been greatly involved with MeBeBot’s compliance procedure.

When choosing automated mobile app security testing tools, mobile app development companies have two options: open-source and commercialized tools. But which one should you go for? Or, to be more precise, which one’s cheaper? If you have these questions on your mind, you’ve come to the right place. This blog explicitly differentiates open-source mobile app security testing tools from commercialized ones based on different factors, including cost.

A company’s IT infrastructure and data are some of its most valuable assets today. Consequently, protecting them is an increasingly critical goal to stave off worst-case scenarios and preserve a business’s value. By the same token, robust cybersecurity can make a company more valuable. Many organizations understand the importance of cybersecurity as a defense but may overlook its role as an asset.

We just enhanced Styra Declarative Authorization Service (DAS) with a feature customers have been asking for: near-instant scanning of policy-as-code config files right in GitHub. …Oh, and as a bonus, it’s free, it’s available now and it only takes a couple minutes to see live in-action in your repos!

During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.

“If a tree falls in a forest and no one is around to hear it, does it make a sound?” If an unmanaged device is infected with ransomware, will the security operations team receive an alert? Consider a contractor or employee who uses their personal laptop for work. If that device becomes infected with ransomware, not only does it pose a risk to the organization’s data and a risk to other devices within the organization, but the device is not centrally managed.