Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog has proven to be beneficial in identifying process execution and file access on systems.

This weekly cybersecurity news overview provides a brief recap of the most important and interesting stories that dominated headlines in the past seven days.

At SnykCon 2021, there were a number of insightful talks from companies that were able to build successful AppSec programs. As the Lead Platform Architect at Lunar and a Cloud Native Computing Foundation (CNCF) ambassador, Kasper Nissen’s presentation was no exception. In this post, we’ll recap Nissen’s talk about how his security team at Lunar was able to shift security left while building a cloud native bank.

The SSH agent (ssh-agent) is an SSH key manager that stores the SSH key in a process memory so that users can log into SSH servers without having to type the key’s passphrase every time they authenticate with the server. In addition to the key management feature, SSH agent supports agent forwarding, which helps to authenticate with servers that sit behind a bastion or jump server.

A reverse Proxy server processes all traffic between end-users and a web server. To achieve this, this type of proxy server is situated at a network's edge as an additional endpoint where it receives all initial HTTP connection requests before they're sent to the origin server (where all website data is stored). Reverse proxies can be regarded as the security guard of your network, ensuring all connection requests are legitimate and securely established.

The threat landscape is expanding and security professionals are barely keeping up. On a daily basis, CISOs and cybersecurity staff need to contend with new malware variants, data breach attempts, ransomware attacks, zero-day exploits - all while ensuring uninterrupted dedication to vendor risk mitigation efforts. With so many cyber threats testing your cyber resilience at once, where should you focus your cybersecurity efforts?

Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis (), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment.

Kubescape is now available on the Visual Studio extension marketplace. Visual Studio code extensions are add-ons that allow developers to customize and enhance their experience in Visual Studio by adding new features or integrating 3rd party tools. An extension can range in all levels of complexity, but its main purpose is to increase developers’ productivity and cater to their workflow.