Technology

Ransomware: A Cloudy Forecast

Apr 27, 2022 By Lookout In Lookout

Ransomware remains high on the risk register for most enterprises, yet this threat has morphed into more targeted and insidious forms with multiple dimensions and points of coercion. As mobile working and cloud adoption became the norm, your data is now distributed, hard to monitor, and your organization’s operations are at risk. Identity is the new perimeter and the first place a modern ransomware crew will go to work. In this session, security professionals and enterprise leaders will learn.

View Video

Lookout

Read more about Ransomware: A Cloudy Forecast

Choosing Open Source Libraries

Apr 27, 2022 By Snyk In Snyk

In this quick video, Brian Clark talks through best practices when choosing open source libraries and shows how to accelerate your OSS evaluations. Chapters: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Choosing Open Source Libraries

Rethinking Privileged Access Management for Cloud and Cloud-Native Environments

Apr 27, 2022 By Sakshyam Shah In Teleport

SSH was designed in 1995, LDAP was initially developed in 1993, and role-based access control was introduced in 1992. The concept of least privilege was introduced in 1975. With all of these existing technologies, when are modern privileged access management solutions necessary? This is a common question asked when we pitch the idea of modern privileged access management (PAM).

Read Post

Teleport

Read more about Rethinking Privileged Access Management for Cloud and Cloud-Native Environments

CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security

Apr 27, 2022 By Amol Kulkarni In CrowdStrike

Cloud-based services have revolutionized business processes and emerged as the backbone of the modern enterprise. According to analyst firm Gartner®, “more than 85% of organizations will embrace a cloud-first principle by 2025 and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies.”

Read Post

CrowdStrike

Read more about CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security

Root Detection Techniques

Apr 27, 2022 By Ajay Pandita In Appknox

Phone manufacturers and mobile network operators often implement stringent software restrictions for security reasons. However, these constraints can be circumvented by rooting your Android phone. Rooting is the process of gaining access to more administrative-level controls on an Android device. Despite its benefits, attackers often use rooting to target sensitive user and business data. According to security experts, 36 out of 1000 Android devices are rooted globally.

Read Post

Appknox

Read more about Root Detection Techniques

Generating fake security data with Python and faker-security

Apr 25, 2022 By Michael Aquilina In Snyk

Snyk recently open sourced our faker-security Python package to help anyone working with security data. In this blog post, we’ll briefly go over what this Python package is and how to use it. But first, we’ll get some context for how the factory_boy Python package can be used in combination with faker-security to improve your test-writing experience during development. Note: Some knowledge of Python is helpful for getting the most out of this post.

Read Post

Snyk

Read more about Generating fake security data with Python and faker-security

PGP Decryption Bypass in Flutter Application

Apr 25, 2022 By Vighnesh Raje In Appknox

During the assessment of one of the financial applications built upon the flutter framework, we came across that the application was using PGP encryption for encrypting the API requests. It is pretty common for financial applications to be implementing traffic encryption, with AES seen to be the preferred algorithm for encrypting traffic. There is plenty of research already available on decrypting AES encrypted traffic.

Read Post

Appknox

Read more about PGP Decryption Bypass in Flutter Application

6 API Security Best Practices for Web Apps

Apr 22, 2022 By Indusface In Indusface

Thinking about all the high-profile cyber threats that businesses face today can make you feel overwhelmed. The most devastating security breach incidents that made headlines, show the incidence of API abuse. Take Venmo, Panera, Equifax, WikiLeaks, and Uber’s hacks for example. With these incidents, it is clear that cybercriminals are becoming smarter, and many businesses are not focusing much on API security.

View Video

Indusface

API
Security

Read more about 6 API Security Best Practices for Web Apps

Demo: WatchGuard Automation Core API Framework

Apr 21, 2022 By WatchGuard In WatchGuard

Explore the automation of the RESTful API Framework in WatchGuard products to configure and manage security services.

View Video

WatchGuard

Read more about Demo: WatchGuard Automation Core API Framework

Software Supply Chain Security: The Basics and Four Critical Best Practices

Apr 21, 2022 By Adam Murray In Mend

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Read Post