%term

Vulnerability Management - Intro to Torq Webinar

Mar 31, 2022 By Torq In Torq

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

View Video

Torq

Read more about Vulnerability Management - Intro to Torq Webinar

Veracode Product Update

Mar 31, 2022 By Veracode In Veracode

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

View Video

Veracode

Read more about Veracode Product Update

What is Zero Standing Privilege (ZSP)?

Mar 31, 2022 By Sakshyam Shah In Teleport

Zero standing privilege (ZSP) is an applied zero trust security strategy for privileged access management (PAM). The term zero standing privilege was coined by an analyst at Gartner. In practice, it implies no users should be pre-assigned with administrative account privileges. Zero-trust security forbids authorization based on static predefined trust boundaries.

Read Post

Teleport

Read more about What is Zero Standing Privilege (ZSP)?

When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Mar 31, 2022 By Steve Banda In Lookout

In this world, nothing is certain except death and taxes. The latter of which malicious actors capitalize on seasonally with phishing attacks. From consumers to corporate finance and human resources (HR) departments, these social engineering attacks have become so pervasive that the IRS issued an annual advisory as a warning to businesses and consumers.

Read Post

Lookout

Read more about When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Banner Grabbing Tools And Techniques Explained

Mar 31, 2022 By Editor In Cyphere

As we all know, whenever it comes to penetration testing, the first thing which comes to mind is reconnaissance. Banner grabbing is used in the initial phase of reconnaissance to get an idea about the target system or application.

Read Post

Cyphere

Read more about Banner Grabbing Tools And Techniques Explained

A Day In The Life of an Energy Company CISO - Mel Migriño

Mar 31, 2022 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of an Energy Company CISO - Mel Migriño

SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know

Mar 31, 2022 By Shachar Menashe In JFrog

On March 29th, the cyberkendra security blog posted a sensational post about a Log4Shell-equivalent zero-day vulnerability in Spring Framework, but without any solid details about the vulnerability itself.

Read Post

JFrog

Read more about SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know

Out of Band (OOB) Data Exfiltration via DNS

Mar 31, 2022 By Tyler Reguly In Tripwire

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

Read Post

Tripwire

Read more about Out of Band (OOB) Data Exfiltration via DNS

Spring4Shell: The zero-day RCE in the Spring Framework explained

Mar 31, 2022 By Brian Vermeer In Snyk

On March 30, 2022, a critical remote code execution (RCE) vulnerability was found in the Spring Framework. More specifically, it is part of the spring-beans package, a transitive dependency in both spring-webmvc and spring-webflux. This vulnerability is another example of why securing the software supply chain is important to open source.

Read Post

Snyk

Read more about Spring4Shell: The zero-day RCE in the Spring Framework explained

RDS Clipboard Redirection: Should you allow it?

Mar 31, 2022 By John Gates In CalCom

In this article we will provide basic information regarding the Clipboard Redirection setting, which enables the copy past function in remote desktop. Once you have decided the setting’s desired value, be sure and test it to fully understand what will be its impact on your production. This is critical since you don’t want it to result in damage to production. Configuring RDS Clipboard Redirection settings is a fundamental step in the hardening project.

Read Post

CalCom

Read more about RDS Clipboard Redirection: Should you allow it?

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability Management - Intro to Torq Webinar

Veracode Product Update

What is Zero Standing Privilege (ZSP)?

When it Comes to Tax Season, There is no Safe Haven From Phishing Attacks

Banner Grabbing Tools And Techniques Explained

A Day In The Life of an Energy Company CISO - Mel Migriño

SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know

Out of Band (OOB) Data Exfiltration via DNS

Spring4Shell: The zero-day RCE in the Spring Framework explained

RDS Clipboard Redirection: Should you allow it?

Monthly Archive

Follow Us