Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Dark Reading is a great site to follow if you want to keep up with the latest IT security news and trends. You’ll find plenty of articles on topics like ransomware, supply chain security and insider threats. But one type of security challenge that wasn’t previously covered in a lot of detail on Dark Reading – or on most IT media sites, for that matter – was the risk associated with “citizen development,” an increasingly popular practice within enterprises.

Today, for enterprises and even SMB companies, IT is a sprawling but interconnected universe of applications, devices, and services all running in tandem to maintain the lifeblood of these organizations—data. Navigating the complexities of this arrangement is not just a challenge for security teams (something which Nightfall customers have attested to, before adopting our platform), it’s a genuine challenge for anyone who must manage and use information.

The standard shipping container is the unsung hero of the modern world! More on that later…

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Quite a weird bunch this week. First is a sub domain of a well known brand being taken over to host a scam. Luckily didn’t get away with a huge amount, but even so something to watch for with other brands.

Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox and it has quickly one of my favorite tools yet. So, what is PwnFox? To put it simply, it’s a BurpPro extension that works with Firefox. It accomplishes two things. First, it helps containerize up to eight (yes, that’s right… eight!) different sessions within one browser and secondly, it organizes all your proxied traffic in Burp BY COLOR! I’ll dive a bit more into #2 in a second.

Nowadays, there is a wide range of solutions on the market that claim to safeguard the security of corporate computers and networks. Benefits such as protection against sophisticated malware attacks, good performance when running processes, usability or quality technical support should be the norm, but this is not always the case.

This week BlackHat Asia 2022 took place in hybrid mode. It’s one of the most important events within the #infosec community, where security experts show how far they can go. In this edition, the trend of talks and tools focused on improving the security of Kubernetes, Cloud Security or Supply Chain, either from the perspective of the blue team or the red team.

The transaction details and monetization patterns of modern eCrime reveal critical insights for organizations defending against ransomware attacks. Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.

This blog is part two of a series about identity-aware access for Amazon RDS. In Part I, we covered how to use OSS Teleport to access Amazon RDS instances running in private subnets. In Part II, we will guide you through the steps to configure single sign-On (SSO) for Amazon RDS with Okta, SAML and Teleport.