What is a WAF? (Web Application Firewall)
This piece was originally published on Fortra’s AlertLogic.com Blog.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Explaining the PCI DSS Evolution & Transition Phase
The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a standardized approach to address the issue.
Active Directory Nested Groups
Active Directory (AD) security groups enable administrators to grant access to IT resources, both within a domain and across domains. However, groups can be members of other groups. This group nesting has profound implications for security, so it’s vital to understand nesting and how to nest groups correctly. This article explains how group nesting works and the best practices to follow.
Australia's Growing Focus on Critical Infrastructure Cybersecurity in 2023
In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022. Soon after this cyberattack, Australia’s biggest health insurer also faced a ransomware attack in October 2022 that caused systems to go down. Customers could not access services through the company’s website or app.
Hello CISO - Episode 12: Security Training That's Actually Useful
In this final episode of Hello CISO, Troy’s talking training: how to generate enthusiasm for training initiatives, why that’s so critical for success, and some practical tips to tailor your training to your learners and maximize retention. Hello CISO is a collaboration between Troy Hunt and the people who build the world's most trusted enterprise password manager.
The Threat Hunting Guide: Everything To Know About Hunting Cyber Threats
Threat hunting has become an increasingly important aspect of cybersecurity, as organizations strive to identify and mitigate security incidents that automated systems may have missed. Yes, the definition of threat hunting can vary, and it generally involves a combination of manual and machine-assisted processes driven by human curiosity and pattern recognition.
The 9 Cybersecurity Questions Every C-Suite Needs to Ask
As cyber threats continue to evolve and the attack surface continues to expand, the risk of a breach becomes a matter of if not when. With migration to the cloud accelerating along with a shift to hybrid work and a surge of new IoT devices at play in every industry, it’s time for organizations to shift the way they view cybersecurity. It is no longer enough to play defense, hoping you can thwart an attack and contain the damage when it comes.
Lessons from OpenSSL vulnerabilities part 2: Finding and fixing supply chain vulnerabilities
This supply chain series centers on the lessons learned from OpenSSL and what you need to consider when enhancing your supply chain security. While this series will focus on OpenSSL and relevant libraries, we'll also consider vulnerabilities across the board. In the first installment, we covered everything you need to know about where to look for vulnerable libraries.
CS Brown Bag 4 25 Observability
Brown Bag Session focused on security delivered by Pawel Dukat - April 25, 2023.
Are you worried about the security of your software supply chain?
GitGuardian Honeytoken has got you covered. You can deploy honeytokens at scale, monitor for unauthorized use, and detect intrusions in your supply chain before they can cause any damage to your assets. Honeytokens are unique, decoy credentials that can be placed across your software delivery pipeline, giving you the ability to track unauthorized access attempts in real time. They allow you to monitor when, where, and how attackers are trying to access your assets. This way, you can take proactive measures to prevent attacks before they happen.