December 2020

netwrix

2020: IT Security Lessons to Learn

The year 2020 reshaped business processes and accelerated changes in the way we work, communicate and live. The shift to remote work put a lot of strain on business processes, IT departments and security teams, and cybercriminals used panic and chaos to exploit the situation. Here, we analyze the experiences of the past year and explore the most important challenges we should be prepared for in 2021, as well as share some comments from IT security pros.

netskope

How Netskope Can Help with Your 10 Critical Security Projects - Nos. 3-4

The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

upguard

Why Should I Be Worried About BlueKeep (CVE-2019-0708)

The BlueKeep RDP vulnerability (CVE-2019-0708) is a remote code execution flaw that affects approximately one million systems (as at 29 May 2019) running older versions of Microsoft operating systems. Attention shifted to BlueKeep about two weeks ago, during Microsoft's May 2019 Patch Tuesday. Microsoft released patches but their warning that the vulnerability is wormable drew the attention of security researchers who have uncovered more concerning findings about this emerging threat.

detectify

Top 10 Most Critical CVEs Added in 2020

Our global community of hand-picked Detectify Crowdsource ethical hackers is the reason we are able to automate security research so quickly to protect web applications from attack. This past year, we received a record 1300+ submissions from the community, including over 180 zero-day vulnerabilities! Every module and security test we build from these hacker-submitted vulnerabilities helps us make the internet more secure.

Appknox Year in Review 2020

Every year has defining moments, but no one could’ve expected the world-changing and paradigm-shifting developments that have taken place over the course of this year. These include combating COVID-19, global warming, WFH, waves of social unrest and many more. At Appknox we have had several defining moments. We have seen substantial growth in terms of revenue, customers, region of operations and many more.

Convene

Design an Effective Board Performance Evaluation

A regular board performance evaluation helps the board improve and execute better governance. Periodic performance evaluations are necessary to pinpoint pain areas that should be addressed in order to increase the board’s effectiveness and serve an organization’s compliance purposes. Here is a list of things to consider when designing an effective board performance evaluation.

tripwire

A Review of Ransomware in 2020

As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus— ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number of high-profile targets. For those of you who didn’t keep up with all of the developments in the ransomware space, we’ve broken down some of the most important events and trends of the year here.

tripwire

Hacking Christmas Gifts: Remote Control Cars

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

upguard

Tripwire vs OSSEC

Effective cybersecurity is no longer relegated to deep-pocketed enterprises—a myriad of open source solutions can offer adequate protection to the most cash-strapped of organizations. That said, there are some capabilities free just won't get you, but how critical are they in the grand scheme of cyber resilience and are they worth the price tag? Tripwire and OSSEC are two popular solutions on opposite sides of this spectrum; let's see how they stack up.

upguard

Tripwire vs RedSeal

To survive in today's cyber threat landscape, enterprises increasingly rely on layered defenses to smooth out attack surfaces. A variety of tools are available to cover all parts of the security continuum: security information and event management (SIEM), security configuration management (SCM), vulnerability detection, and more. Tripwire and RedSeal are two platforms that cover different, but equally important, aspects of enterprise security—let's see how they stack up in this comparison.

upguard

AlienVault vs QRadar

It's not uncommon for organizations to encounter hundreds of security incidents on a daily basis—from the trivial poking and prodding of script kiddies to nefarious activities that constitute the inner workings of advanced persistent threats (APTs). Transforming this volume of data into actionable information is impossible without the assistance of security intelligence, specifically, the analytic capabilities of security information and event management (SIEM) tools.

upguard

System Center Operations Manager (SCOM) vs Nagios

For today’s busy sysadmin, systems health and performance monitoring tools like Microsoft’s SCOM (System Center Operations Manager) and the open-source Nagios are invaluable. They enable at-a-glance monitoring of large numbers of servers throughout a network, which is doubly critical in the case of a widely geographically dispersed network setup such as a WAN or MAN. Though they broadly achieve the same goals, SCOM and Nagios come at it from quite different directions.

sysdig

5 Best practices for ensuring secure container images

Most modern organizations understand that the earlier you integrate security into the development process, the more secure the applications will be in production. For containerized workloads, securing the container image throughout the application life cycle is a critical part of security, but many organizations don’t even follow basic best practices for ensuring secure container images.

tripwire

Don't Let Your Stored Procedures Lack Integrity

As a security analyst, engineer, or CISO, there are so many aspects of the field that require immediate attention that one cannot possibly know everything. Some of the common areas of security knowledge include topics such as where to place a firewall, configuration and patch management, physical and logical security, and legal and regulatory concerns.

tripwire

Privacy in 2020 and What to Expect for the Year Ahead

2020 was dominated by news of the pandemic and anchored by the reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front and center. In this piece, we take a look at a few privacy highlights that will likely impact your business and look ahead to see what’s in store for 2021.

netwrix

ROI: Expert Tips for Justifying Security Investments

Over the last few months, I’ve had a number of conversations about the need to justify security spending. This year has been tough for a lot of organizations, so IT budgets are generally not growing. Plus, the money already allocated often had to be re-prioritized to meet changing business needs. At the same time, executives and board members have become painfully aware of today’s cyber risks and the cost of not paying attention.

ekran

Insider Threat Statistics for 2020: Facts and Figures

Insiders remain one of the key threats to corporate cybersecurity. But insider threats are changing: they’re becoming more frequent, trickier to detect, more damaging, and, ultimately, more costly. Industry statistics and reports on insider threats help us detect those trends and upgrade our security to combat them.

synopsys

DevSecOps: The good, the bad, and the ugly

DevSecOps offers benefits—but it also has its challenges. Learn why companies are making the shift and why it’s not always easy. DevSecOps is the practice of integrating security into every stage of the DevOps pipeline. It unites development activities, operations support, and security checks, and coordinates the teams involved in the software development life cycle (SDLC). The synergy between the teams is helped by automation.

detectify

Detectify security updates for December 28

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed: within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

anlyz

Top 7 Cybersecurity Threats to Watch Out For in 2021

2020 is coming to a close and technology has evolved rapidly to make way for changing market conditions. Cloud computing, Artificial Intelligence (AI), automation, and the Internet of Things (IoT) are evolving technologies that create unparalleled opportunities for companies to unlock new value. When technology advances, so does the landscape of cyber threats that companies have to navigate.

anlyz

Key Benefits Of A SOAR Solution For MSSPs

An increasing number of organizations have partnered with Managed Security Service Providers (MSSPs) due to the large range of threats facing organizations. MSSPs support organizations efficiently by not only identifying external risks but also aiding them in the response to incidents. They also, however, battle a major problem: falling victim to the same shortcomings and bigger risks. They must ensure that customers’ Service Level Agreements (SLAs) are met.

idcentral

What data categories are essential for an effective marketing strategy?

With the changing calendar year, we also observe growing digital maturity among people. A change in their buying patterns, increased use of digital services for financial transactions and a change in the consumption pattern of social media content were anticipated, and they happened. As a result, customers’ expectations of their digital experiences have increased significantly. They expect brands to anticipate their needs and customize their experiences.

teramind

Top 5 Insider Threat Detection and Prevention Software of 2021

Dealing with insider threats requires a different strategy from other security challenges because of their very nature. Insiders have a significant advantage. They are aware of the organization’s policies, procedures, technology and vulnerabilities. They often have access to important systems, business IP and sensitive data. As such, they can cause a business the most damage compared to external attackers such as hackers.

Convene

How to Convince Association Board Members to Adopt Board Portal

Switching to new technology solutions is always challenging, especially when convincing people such as association board members to adopt the change. But with the right mindset, the transition can be effortless. When the software effectively patches the gaps in workflows, you can make things run much easier. Making a case for the implementation is just a matter of discussion that is supplemented with facts. Many business types and organizations can benefit equally from using board portal software.

manageengine

Protect your organization against Adrozek

Adrozek is a malicious browser modifier that, when installed on users’ machines, infects them with adware. This particular strain of malware has been making rounds since May 2020; according to Microsoft, it was at its peak in August, when as many as 30,000 computers were affected per day. Although classified as adware, Adrozek is also designed to collect information extracted from browsers by modifying browser settings and extensions.

netwrix

Data Security: What Happened in 2020, Continues in 2021

The year 2020 has been a time of unprecedented change. This year’s events continue to alter the course of cybersecurity, making it even more important to ensure that we better prepare ourselves for what’s to come. In this blog post, we review the key data security trends of 2020 and share several predictions about how they will affect enterprises and cybersecurity leaders in 2021. The global pandemic reinforced the exceptional value of cloud computing to the world economy.

appknox

Appknox Year in Review 2020

The year 2020 began with so many promises for team Appknox. We had just ended 2020 on a high note with substantial growth in revenue, customer acquisition and regional expansion. As we looked forward charged up to blaze past 2020, the world was shocked and humbled with the sudden COVID-19 pandemic. Just like all other companies globally, Appknox was faced with tremendous pressure to act, think and evolve quickly.

tripwire

Hacking Christmas Gifts: Artie Drawing Robot

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

nightfall

CISO Insider S1E2 - "You have unlimited questions left" with Ty Sbano, Part 2

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

netskope

How Netskope Can Help with Your 10 Critical Security Projects - Nos. 1-2

The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

upguard

Agent vs Agentless Monitoring: Why We Chose Agentless

When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard.

lookout

What SolarWinds teaches us about Zero Trust for mobile endpoints

On December 17, CISA released an alert about an advanced persistent threat (APT) that compromised a number of U.S. government agencies, U.S. technology and accounting companies, and at least one hospital and one university. The cyberattack was executed by injecting malware into a software update from network management software company SolarWinds, which has over 18,000 customers.

sysdig

Detect CVE-2020-8554 using Falco

CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In addition, an attacker that can patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

alienvault

'Tis the season for session hijacking - Here's how to stop it

The air is getting colder, leaves are falling from the trees, and people everywhere are settling in for the holiday season. Which means one thing - increased cybersecurity vulnerability. With more aspects of the winter holidays relegated to online platforms this year, people everywhere are more susceptible to cyberattacks. Luckily, there are plenty of simple steps you can take to protect yourself from digital threats and online scams.

tripwire

Card-Not-Present Fraud: 4 Security Considerations for Point of Sale Businesses

As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complementary Verizon study finds remote attacks against food service operators on the rise, as well.

siemplify

Using SOAR Technology to Orchestrate Detection and Response to the SolarWinds Sunburst Attack

Cybersecurity vendor FireEye recently disclosed a sophisticated attack which led to the “unauthorized access of their red team tools.” A few days later, this attack was linked to a widespread and complex supply chain attack, referred to as “Sunburst,” targeting SolarWinds’ enterprise IT monitoring solution. As always, make sure to review and follow the recommendations and countermeasures from both SolarWinds and FireEye.

netwrix

Compliance Tools: Choosing the Right Solutions

Making sure your environment is compliant with regulatory requirements can be a challenge. No matter your company’s size or industry, ensuring you have the required security controls is never a set-it-and-forget-it process. With your IT environment, your user base and the threat landscape evolving all the time, you have to adjust constantly. Indeed, with so much to keep track of, even your best efforts at keeping your company compliant can fall short, unless you have help.

Web Application Security Testing Tools - SWAT Findings

The Secure Web Application Tactics (SWAT) by Outpost24 offers customers a combination of state-of-the-art scanning tools and security experts to provide the most accurate and reliable web application scanning solution available in the market. SWAT does not interfere with daily operations and delivers results with zero false-positives.

Web Application Security Testing Tools - SWAT Reporting

The Secure Web Application Tactics (SWAT) by Outpost24 offers customers a combination of state-of-the-art scanning tools and security experts to provide the most accurate and reliable web application scanning solution available in the market. SWAT does not interfere with daily operations and delivers results with zero false-positives.

redscan

The MITRE ATT&CK framework and scenario-based security testing

Statistics routinely collected and assessed as part of network and endpoint monitoring include events per second, alerts and false positives, with success often benchmarked by the time to detect, respond and recover. Incorporating scenario-based testing into the threat detection process allows organisations to obtain additional insight into the true effectiveness of detection and response controls and procedures by benchmarking performance against the attributes of specific types of attacks.

upguard

Vendor due diligence: Protect yourself from third-party breaches

The most dependable cybersecurity strategies involve assiduously monitoring for external attack vectors. But if this is the only dimension you are monitoring, your internal networks could be compromised while your back is turned. The threat of a cyberattack is not only on the external front; many data breaches occur through compromised vendors, even highly reputable ones. To prevent cyber criminals from accessing your sensitive data through breached vendors, read on.

forgerock

The Future of Identity: ForgeRock Shares 2021 Predictions

While 2020 has been a roller coaster of a year, there has been one note of certainty: digital transformation has accelerated at an unprecedented rate, and identity and access management (IAM) is a big part of that evolution. In anticipation of 2021, we asked four of our experts to share their perspectives on what you can expect in the new year.

forgerock

API Security in Action With the ForgeRock Identity Platform

To celebrate the launch of my book, API Security in Action, which was just published by Manning Publications, I've teamed up with my employer, ForgeRock, to demonstrate how some of the techniques in the book can be accomplished with less effort using the ForgeRock Identity Platform. API Security in Action discusses five primary security mechanisms you can use to strengthen your application programming interfaces (APIs) against common threats.

bearer

ISO 27001: Should You Expect it From Your API Vendors?

ISO 27001 is a way for companies to prove a certain standard of security to their customers. You may recognize ISO as the standards body that issues international standards and classifiers for all kinds of products and services, including date and time standards, country and currency codes, and structural systems—like the ones we’ll be discussing in this article.

bulletproof

Sunburst - what you need to know in order to detect and respond, in simple terms

The cyber attack unfolding in the US may turn out to be the most serious nation-state espionage campaign in history. The Bulletproof SOC is actively monitoring the situation regarding SolarWinds and the Sunburst attack, as with all new attacks. We do this to ensure we have a clear understanding of the potential threat to our customers and to build better, innovative detection mechanisms, maintaining a prime position to support our customers as a true extension of their team.

cyberint

Trickbot Malware-as-a-service

First identified in late 2016, 'Trickbot' evolved from being a well-established banking trojan into a malware-as-a-service (MaaS) threat utilized by both cybercriminals and nation-state threat actors for predominantly financially motivated campaigns. Supporting modular components, Trickbot campaigns will differ based on the requirements of the MaaS 'customer' with many being used to steal personal and financial data as well as deploying ransomware threats, such as 'Conti' and 'Ryuk', to victims.

Octiga

Lessons to Learn from the Latest Business Email Compromise Scam and AZORult Stealer

Ever heard of AZORult? Sounds like some nerdy stuff. I am not gonna lie, it slightly is! It is a trojan that steals various data including login credentials, browser history, cookies, and more. The history of AZORult is well known by those in the cyber security industry. AZORult was initially discovered back in 2016. As the years passed, we saw some of its ongoing malicious attacks.

tripwire

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.

upguard

What is SOX compliance? 2020 requirements, controls and more

The Sarbanes-Oxley Act of 2002 (SOX) was passed by the United States Congress to protect the public from fraudulent or erroneous practices by corporations or other business entities. The legislation set new and expanded requirements for all U.S. public company boards, management, and public accounting firms with the goal to increase transparency in financial reporting and to require formalized systems for internal controls. In addition, penalties for fraudulent activity are much more severe.

forgerock

Answers to the SolarWinds Hack Date Back a Decade

So here’s the story. A nation-state attacks a technology company, leveraging a backdoor in a piece of software to infect computers. Then using the infected machines as jumping-off points to move laterally across what was previously thought to be a secure network, the threat actors take aim at targets of interest to the U.S. government. You may think I am talking about the SolarWinds hack.

bulletproof

Four things hackers don't want you to know

It’s something of a cliché to say that hackers are shady types, often lurking in the shadows. Usually this is just a metaphor, though if you take stock imagery at face value, you’d be forgiven for thinking they only ever appear at night whilst wearing a hoodie. Like most clichés however, this contrivance does have an element of truth in it. The fact is that hackers often work just as hard to keep themselves and their tactics hidden as they do to find vulnerabilities to exploit.

synopsys

Things to consider when choosing a software composition analysis tool

The rise of open source software is not without risks for today’s applications. Use a software composition analysis tool to mitigate these risks. Gartner, in its “Market Guide for Software Composition Analysis,” details the need to make software composition analysis (SCA) part of your application security testing tool suite. We discussed the what and why in a recent blog post; today let’s discuss the how.

detectify

How attackers exploit the WordPress Easy-WP-SMTP zero-day

On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.

veracode

Fixing CRLF Injection Logging Issues in Python

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We’ll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.

wandera

SolarWinds Hack: The implications for a Zero Trust approach to security

Last week the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, advised that there was an advanced persistent threat compromise of government agencies, critical infrastructure, and private sector organizations.

sqreen

Application security for GraphQL: how is it different?

GraphQL is one of the hottest topics in the API world right now. It provides an abstraction layer over more traditional HTTP communications, and has changed the way we build web applications by providing us with modern and easy-to-use tooling. As with the addition of any new technology, no matter its impact, it is important to ask whether it introduces or prevents security issues, and how to handle those.

teleport

How We Use Fuzzing Integrated by Ada Logics

This summer, Ada Logics integrated continuous fuzzing into Teleport to strengthen the security posture of the project. We’d like to thank Adam Korczynski from Ada Logics for initiating contact and doing the work. In this blog post, we will give a brief introduction to fuzzing and explain how to carry on the work moving forward. The motive for this work was to take the first steps in implementing fuzzing into Teleport’s development pipeline.

devo

Top Three Devo Cybersecurity Predictions for 2021

For any organization that felt prepared, with their operations well-planned as they headed into 2020, that feeling disappeared quickly. 2020 became the year of the unexpected, forcing organizations to adapt, repeatedly. Looking ahead to 2021, companies of all types and sizes are working to be as prepared, agile, and adaptable as possible. This is certainly true when it comes to building or restructuring an organization’s cybersecurity posture.

CloudCasa

Data Protection in the Age of Cloud Native Applications with CloudCasa - Part 3

In part 1 of this blog series on data protection for Kubernetes and cloud native applications, we addressed the need for Data Protection for Containerized Applications. Given that the leading Kubernetes distributions and managed cloud services do not include native capabilities for data protection and disaster recovery, service providers and enterprises need additional data management tools such as CloudCasa to provide these.

tripwire

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk of a potential attack is there.

logsentinel

The 2020 Must-Know Security Breach Statistics

Security breaches are becoming increasingly commonplace and dangerous. The World Economic Forum nominated cyber-attacks as one of the major threats to global stability for 2019. Not only money is at stake: breaches have an appalling effect on organizations’ reputation and trustworthiness, and often prove to be a business killer. Most important, however, is the data – our personal data that, once stolen, is available to cybercriminals to exploit.

stackrox

CKS Certification Study Guide: System Hardening in Kubernetes

This blog references tools to set up a Kubernetes version 1.19 cluster and review the CKS - Cluster Setup section. There is the ability to create a Kubernetes cluster from our GitHub repository using Terraform and Rancher Kubernetes Engine (RKE) in Google Cloud Platform (GCP) or Amazon Web Services (AWS). This cluster environment will help to simulate a real Kubernetes environment instead of a local cluster.

manageengine

IT security under attack: Why are group memberships so crucial?

Security groups either make or break your IT security. Group memberships are responsible for administrative access in your network and define access to other privileged resources and data on your domain. Ever wondered how a simple misconfiguration of a group membership could lead to a security incident? This blog elaborates on the most common misconfigurations and security loopholes that can cause damage to the sensitive data in your network.

netskope

Helpful Answers to Your SASE-est Questions

If you joined us for Netskope’s SASE Week, you’ll know that we covered quite a bit of ground with our talks and programming. For a relatively new concept, there’s still so much potential to explore and discuss that we could probably talk about it for much longer than just a week. Netskope customers, large and small, are seeing the cost and business benefits of moving to a cloud-native control point, with the security posture and risk management tools they need.

veriato

How Are Managers Remote Monitoring Computers for Remote Workers?

An unprecedented number of employees in the United States are currently working remotely for at least part of their workweek. This is partially due to the global pandemic, but the truth is that many employees were shifting to remote work even before the coronavirus crisis. Studies have shown that both employers and employees can benefit from remote work.

ioncube24

Weekly Cyber Security News 18/12/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. What an interesting week. I’m going to skip the issues over the SolarWinds breach and go for the usual non-sensationalist articles. The first, and one I so welcome along with many out there I’m sure, is the final, and I mean final, end of Flash. Yay.

lookout

Predictions 2021: We Now Live in a Truly Mobile-first World

Over the past decade, technology enthusiasts have dreamed about smartphones and tablets taking over various aspects of our lives. They have in many ways, but the shift has always been gradual. This all changed in 2020 when most of us were forced to stay home. From the way we work, go to school, interact with our healthcare providers, manage our finances, shop, and connect with friends and families – mobile is now at the center of our lives.

Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users

Threat researchers Apurva Kumar and Justin Albrecht go through the Lookout threat research team’s latest discovery, Goontact. The malware, which we have named Goontact, targets users of illicit sites, typically offering escort services, and steals personal information from their mobile device. You can also follow the team’s work at twitter.com/lookoutthreats

tripwire

Could Universities' Use of Surveillance Software Be Putting Students at Risk?

Life for university students has changed massively during the coronavirus pandemic, as it has for all of us. While some in-person lectures and seminars are still taking place, there has been a big shift to remote learning. This has, perhaps understandably, led to concerns about how well students are engaging with this way of studying. Many universities have sought to address this by turning to remote monitoring tools to track students’ online activities.

Tripwire Retail Security 2020 Survey: Key Findings

As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season.

reciprocity

ZenGRC Demonstrates Industry Leadership with 15 Consecutive Quarters of Recognition on G2 Winter 2020 Grid Report for GRC Platforms

SAN FRANCISCO – December 16, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance solution, today announced ZenGRC has earned two badges on the G2 Winter 2020 Grid Report. This marks the 15th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report. G2 is a peer-to-peer business solutions review website, leveraging customer feedback to rank the best business software and services.

nightfall

CISO Insider S1E1 - "Cybersecurity is a mindset" with Ty Sbano, Part 1

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

ekran

What Is an Insider Threat? Definition, Types, and Countermeasures

Every company has plenty of insiders: employees, business partners, third-party vendors. They all have a certain level of access to corporate infrastructure and business data: some have limited access to general information of low value, while others can easily access the most valuable and sensitive data. This access is what makes insiders one of the greatest threats to a company’s cybersecurity. And this is why it’s important to understand what an insider attack is.

cyberint

SolarWinds Supply Chain Attack

Following the attack on FireEye, the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products, versions 2019.4 through 2020.2.1 (inclusive). Based on file signatures, FireEye considered this campaign to have started around March 2020, potentially affecting up to 18,000 organizations worldwide.

cygilant

Compliance Requirements for Cybersecurity in 2021

Cybersecurity and compliance are often intertwined. IT/security teams working on 2021 plans should remember to consider any regulatory mandates that may affect their organization’s cybersecurity posture. To help busy IT/security professionals get started, we’ve compiled some of the most common cybersecurity regulatory requirements expected to impact enterprises in 2021, along with links to resources to learn more about the laws.

detectify

View and tag findings on the new vulnerabilities page to fix them faster

Triage is just as important to security teams as it is to hospital workers. Now, you can prioritize and remediate web application vulnerabilities even faster with tags and findings in one view for Detectify Deep Scan and Asset Monitoring. For the past couple of months, one of Detectify’s product teams has been working relentlessly on improving how customers consume security vulnerability findings.

sqreen

Serverless security: how do you protect what you aren't able to see?

Serverless security is a fascinating topic. As more organizations move to distributed architectures and new ways of running their services, new security considerations arise. I spoke about this topic at APIdays Paris 2020 last week, and today, I wanted to recap some of what I covered. Let’s start with the basics: what exactly is serverless, and what does it change in the ways we create software?

styra

OPA the Easy Way featuring Styra DAS!

If you have used Open Policy Agent (OPA), you have probably used the OPA Playground to write and test out your Rego policies. I always wished for a feature where the policies in the playground could be directly applied in OPA: basically, a control plane which allows policy authoring and enforcement easily. At KubeCon NA 2020, Styra (creators of OPA) launched a free edition of their Declarative Authorisation Service (DAS).

stackrox

'Screaming in the Cloud' - Eliminating Security Risks in Kubernetes

Chris Porter, Director of Solutions Engineering at StackRox recently joined Cloud Economist, Corey Quinn on ‘Screaming in the Cloud’ for a chat about eliminating security risks in Kubernetes. You can listen to the conversation in the podcast episode below, or you can read through the transcript that follows, condensed and modified for clarity.

splunk

Smoothing the Bumps of Onboarding Threat Indicators into Splunk Enterprise Security

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

cloudpassage

Halo Cloud Secure Now Supports Google Cloud Platform

CloudPassage Halo automates cloud security controls and compliance across servers, containers, and IaaS in any public, private, hybrid, and multi-cloud environment. Halo’s extensive automation capabilities streamline and accelerate workflows between InfoSec and DevOps. By using Halo’s patented microagent technology, customers have secured workloads and containers deployed on Google Cloud Platform (GCP) for many years. And now Halo Cloud Secure supports Google Cloud Platform.

teramind

Top 5 Employee Monitoring Software For 2021

Employee monitoring is the process of tracking employee activities such as app use, internet browsing, email communications, file transfers, etc. An employee monitoring solution allows a business to keep an eye on its users so that they cannot put the organization in harm’s way, intentionally or accidentally, by leaking sensitive data, sabotage, fraud, theft or other misdeeds.

alienvault

2021 Cybersecurity in healthcare

Breaches and cyberattacks are on the rise in the healthcare industry. The recent acceleration of digital technology and connectivity within Healthcare has led to significant patient care delivery improvements, more effective population health management, and better patient outcomes. With this increased technology and connectivity, however, comes increased exposure to cyberattacks that can impact patient care delivery, safety, and privacy.

upguard

How to Select a Third-Party Risk Management Framework

For many businesses, global third-party vendors have become an important source of strategic advantage and business value. Yet outsourcing is not without its risks. As reliance on third-parties continues to grow, so does the number of headline stories of regulatory action and reputational damage that arise from third-party breaches or failure. Those driving organizations need to reconsider how they approach, identify and manage third-party risk.

upguard

How to Secure Apache Tomcat 8 in 15 Steps

Apache Tomcat is the leading Java application server by market share and the world's most widely used web application server overall. Currently at version 8, the popular web server has not been without its security flaws, perhaps most famously publicized in this incident of aircraft hacking by security researcher Chris Roberts earlier this year. However, hardening Tomcat's default configuration is just plain good security sense—even if you don't plan on using it on your plane's network.

synopsys

How to cyber security: Software security is everyone's responsibility

The burden of software security often falls solely on security teams, but to be successful, organizations need to make security a team effort. Remember group projects in school? Teachers love them because they have less grading to do; in a class of 25 students, they might only need to look at 5 projects. For team members, team projects can be difficult, usually when individual motivation levels don’t match up.

veracode

Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing

When it comes to application security (AppSec), most experts recommend using Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) as “complementary” approaches for robust AppSec. However, these experts rarely specify how to run them in a complementary fashion.

wandera

Wandera wins Best Mobile Security Solution for the fourth time

Last week, Wandera was awarded Mobile Security Solution of the Year at the virtual ceremony for the Computing Security Awards. And this wasn’t the first time — 2020 marks the fourth year Wandera has been voted the winner for this category, maintaining our position as an industry leader. Wandera came out on top in the highly competitive Mobile Security category, with nominees including Zimperium, McAfee, MobileIron, Check Point and Lookout.

lookout

Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users

The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese-speaking countries, Korea and Japan. The spyware, which we have named Goontact, targets users of illicit sites, typically offering escort services, and steals personal information from their mobile device. The types of sites used to distribute these malicious apps and the information exfiltrated suggest that the ultimate goal is extortion or blackmail.

Introducing Teleport Cloud | Access Management SaaS | Servers - Clusters - Applications

Teleport Cloud allows you to secure access to your servers, Kubernetes clusters, and Web applications while leaving the operation of your Unified Access Plane to the experts at Teleport. You can still control access to your compute resources anywhere else in the cloud, plug in approval workflows, and use your choice of SSO identity provider. But now you can get your security deployed faster, and you have peace of mind knowing Teleport is continually patched, monitored, and maintained for you.

devo

Detection and Investigation Using Devo: SUNBURST IOC & Detection Queries

On December 8, 2020, cybersecurity company FireEye announced in a blog post that it had been attacked by what CEO Kevin Mandia described as a “highly sophisticated threat actor” that “targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.”

inetco

Maximize Card Profitability and Sleigh Payment Fraud Attacks with Transaction Intelligence

It’s a busy season for card issuers, card networks and payment service providers. Transaction and purchase volumes are rising across mobile and online channels — with Black Friday and Cyber Monday e-commerce sales up 15% from last year. Despite this holiday season’s resilient e-commerce sales, organizations must continue to find ways to maximize transactions and card profitability in the face of reduced in-store purchase volumes, interest margins, fees and interchange revenues.

Wishes Do Come True: Fast Development, Secure Delivery

Organizations re-thinking their software delivery lifecycle are faced with a dilemma: how to speed up the pace of development necessary to surpass their competition, without sacrificing the security of the applications they’re delivering? CI/CD practices and tools have risen up to help meet this need, but fitting legacy applications and security tools into these modern pipelines exposes new gaps that risk slowing release velocity.

stackrox

CKS Certification Study Guide: Cluster Hardening

As we continue the study guide for the Certified Kubernetes Security Specialist (CKS) program, be sure to check out the information and content breakdown from our previous CKS posts. This blog references tools to set up a Kubernetes version 1.19 cluster and review the CKS - Cluster Setup section. There is the ability to create a Kubernetes cluster from our GitHub repository using Terraform and Rancher Kubernetes Engine (RKE) in Google Cloud Platform (GCP) or Amazon Web Services (AWS).

How to Enable Detection Rules via Elastic Security - Version 7.10

The detection engine brings automated threat detection to the Elastic Stack through the Security app in Kibana. As part of our belief in the power of open-source, Elastic Security has open sourced all our detection rules to work alongside the security community to stop threats at scale and arm every analyst. In this video, you’ll learn more about the detection engine and how to automate the protection of your data.

sumologic

Recommendations for monitoring SolarWinds supply chain attack with Sumo Logic Cloud SIEM

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

manageengine

Securing a distributed workspace: A cybersecurity checklist for long-term remote work

One of the lasting changes brought about by the COVID-19 pandemic is that it forced organizations to rethink the concept of a workspace. As remote work became inevitable, IT teams had to enable the secure transition to remote work almost overnight. Opening up offices, on the contrary, will likely be executed in planned phases. A United States Department of State advisory recommends that workforces return to an office in three phases, with the employees most at risk coming in at a later stage.

alienvault

Why application-layer encryption is essential for securing confidential data

Your business is growing at a steady rate, and you have big plans for the future. Then, your organization gets hit by a cyberattack, causing a massive data breach. Suddenly, your company’s focus is shifted to sending out letters to angry customers informing them of the incident - which is required by law in most states - and devising strategies to deal with the backlash.

tripwire

Survey: 78% of Retailers Took Additional Security Precautions Ahead of the 2020 Holidays

Coronavirus 2019 (COVID-19) stopped many things in 2020. While in-store holiday shopping may be greatly reduced for some, there’s still a lot of shopping happening online. Near the end of November 2020, Statista revealed that holiday retail sales were expected to grow approximately 3.6% over the previous year. And Adobe Analytics reported that online sales would likely rise 33% to a record $189 billion.

tripwire

From a Single Pane of Glass, to Functional Dashboards to Manage Cyber Risk

For the longest time, or as far as I can remember, the holy grail of all networking platforms has been the need for a single pane of glass, that single source of all information that you would need to be most effective. So, what is a single pane of glass?

Secure Your Journey to the Cloud with Tripwire Configuration Manager

Tripwire can help you make your journey to the cloud more secure based on industry standards and best practices like the Center for Internet Security’s 20 CIS Controls. In this presentation, we highlight the cloud capabilities from Tripwire you might not already be aware of. See a guided demo of Tripwire Configuration Manager, and learn about common use cases around issues such as public vs private cloud storage security and multi-cloud compliance.

outpost 24

Fix now: Vulnerabilities targeting the FireEye Breach

On Tuesday 8th December, in an unprecedented move, leading cybersecurity provider FireEye admitted they had been breached and several of their red team tools and scripts had been stolen. In this blog we look at the list of vulnerabilities in these tools and how to protect your organization.

redscan

Meeting your data security responsibilities with GDPR penetration testing

In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

nightfall

Why Third-Party Risk on Google Drive Should Be a #1 Concern

Sharing Google Workspace files with clients and partners feels like a normal part of doing business – especially as so many companies move to remote work. However, each time you share a file with someone outside of your organization, you increase what’s known as third-party risk. Third-party risk can open your business up to all types of internet security breaches, including IP theft, phishing attacks, malware, and data exfiltration.

netskope

Netskope Threat Coverage: SUNBURST & FireEye Red Team (Offensive Security) Tools

On Dec 8, 2020, the cybersecurity company FireEye reported that there had been a cyber attack on their systems. As part of this attack, their inventory of Red Team tools was stolen. These tools could potentially be used by a threat actor against unsuspecting victims. On Dec 13, 2020, after further investigation of this attack, FireEye reported that the initial vector came through SolarWinds, an upstream vendor, as a malicious trojanized update of SolarWinds’ Orion IT platform.

cyphere

Brexit and Data Protection | UK GDPR Law

Recent legal developments around data privacy show how important protecting individuals’ personal information is for businesses. The UK left the EU on 31st January 2020. The current transition period ends on 31st December 2020, after which the DPA 2018 takes centre stage in all matters of data privacy. Let’s dive into the beef first and then the related GDPR and DPA information, including the basics and GDPR vs DPA.

veracode

State of Software Security v11: The Most Common Security Flaws in Apps

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

logsentinel

Five Things We Can Learn From Solorigate/SUNBURST, a Sophisticated And Highly Evasive Cyber Attack

This week the US government as well as many enterprises were hit by a cyber attack, dubbed Solorigate, via the SUNBURST backdoor. FireEye (also a victim of the attack) has done a great analysis of how the attack works, and we recommend reading it. But we’ll focus on a couple of takeaways instead of the precise details of how it worked: what we can learn from it in order to improve our cybersecurity posture.

styra

What is Styra Declarative Authorization Service?

Whether you’re a developer or an IT professional (or a bit of both!), enforcing and managing authorization policies for the new containerized world is a whole different ball game than it was before. There’s the complex nature of modern applications — composed of multiple microservices, housed in containers — and then there’s the dynamic nature of platforms like Kubernetes, running those applications.

egnyte

Better Together: Egnyte's Construction Integrations

Construction, like any industry, relies on software throughout all phases of a project. From inception to completion, a plethora of programs come into play to facilitate each task at hand. The unfortunate part of having so many applications working side by side is that they treat the data the same way – side by side, in their own silos. Very often, data produced by these applications moves and morphs into the next phase – a bid becoming the basis for a contract, for example.

elastic

Elastic Security provides free and open protections for SUNBURST

On December 13, SolarWinds released a security advisory regarding a successful supply-chain attack on the Orion management platform. The attack affects Orion versions 2019.4 HF 5 through 2020.2.1, software products released between March and June of 2020. Likewise, on December 13, FireEye released information about a global campaign involving SolarWinds supply-chain compromise that affected some versions of Orion software.

Secure Your Cloud Transformation with Continuous Intelligence

CrowdStrike and Sumo Logic work together to identify security threats and defend against IOCs in a hybrid environment. Customers gain knowledge on adversaries which may be targeting their assets and organisation via strategic, operational and technical reporting and alerts. During this session, we’ll hear from Australian private health provider, NIB, on how Sumo Logic and CrowdStrike have worked together to help NIB secure its digital transformation and cloud environment.

alienvault

How secured are touchless solutions?

Touchless solutions have risen to the forefront this year because of the latest pandemic that has reshaped the way we work and live. When social distancing policies were put in place, borders closed, establishments paused operations, and businesses moved online, operating amid lockdown. Touchless technologies had to be put in place almost everywhere to preserve human touch. It has ceased to be just an option, since it is now a necessity in the new normal.

siemplify

Sitdown with a SOC Star: 11 Questions With Haylee Mills of Charles Schwab

She signs off her emails with “keep it surreal” just above a colorful signature that describes her as a “network security person” but also a “data disciple,” “community cultivator,” “eccentric educator” and (we’ll explain later) “ex-animator.” Oh, and at the very footer of her emails, she offers a small-fonted but not-so-subtle dig at her email carrier of choice: “hey Google, The Man, state-sponsored APT, darknet skulki

synopsys

How to build a serial port fuzzer with Defensics SDK

Defensics SDK makes fuzz testing possible for custom protocols. Learn how to create a custom injector using the Defensics SDK API. Fuzz testing is never a bad idea. If you aren’t testing your implementation with malformed or unexpected inputs, someone else may be able to exploit a weakness simply from running the system. And fuzz testing (or fuzzing) is not only about finding potential security issues—it can also increase the overall robustness of the system.

detectify

Detectify security updates for December 14

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

logsentinel

LogSentinel's 2020 Year in Review

The events of 2020 brought us unprecedented challenges that no one was prepared for, changing the way we live, work, and communicate, impacting the global economy, all geographic regions, and every single industry. In such a downturn cybercrime flourishes, especially when organizations move most of their operations and processes online.

idcentral

Round up 2020: Regulatory changes in Digital Verification industry

We have witnessed major shifts in the identity and verification industry: after March 2020, a sudden explosion of people going digital was observed. This opened the gates to vulnerabilities and opportunities for fraudsters. In April 2020, the surge in work-from-home scenarios accelerated the process of administering remote systems and adequately protecting them.

egnyte

Buyer's Guide for GxP-Compliant Document Management

According to the FDA, 30 percent of clinical trials are flagged for data-integrity violations (i.e. missing source data and corrupted audit trails). The patchwork of evolving regulations, as well as relying on non-compliant consumer-grade technology to handle data collection and storage, are often hurdles in getting your raw data into a format that is submission-ready.

Octiga

Dealing with False Positive Breaches in Universal Audit Log Search in Office 365

Modern cyber security threats have today mutated into a new class that is immune to the detection and prevention solutions offered by the security industry. We are looking at a new generation of hackers that master zero-day exploits, credential theft, fake identities, and the development of stealthy malware. These threats have kept security personnel on their toes, figuring out what the next attack would look like. One of these challenges is identifying false positive and false negative alerts.

splunk

Using Splunk to Detect Sunburst Backdoor

TL;DR: This blog contains some immediate guidance on using Splunk Core and Splunk Enterprise Security to protect (and detect activity on) your network from the Sunburst Backdoor malware delivered via SolarWinds Orion software. Splunk’s threat research team will release more guidance in the coming week. Also please note that you may see some malicious network activity, but it may not mean your network is compromised. As always, review carefully.

tripwire

Cloud Security: Messy Blobs and Leaky Buckets

Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it. A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google handle the infrastructure and personnel needed to meet those requirements.

tripwire

8 Key Insights from the 2020 (ISC)2 Cybersecurity Workforce Study

2020 has been a very interesting year for the global workforce, with the vast majority of organizations having to rapidly transition to a remote workforce with little to no prior notice thanks to the COVID-19 pandemic. The 2020 (ISC)2 Cybersecurity Workforce Study looks at the effect of this transition to remote work and how organizations have fared. It also analyzes the impact of the pandemic and the resultant transition to remote work on cybersecurity professionals.

Featured Post

Create your Business Data Retention Policy

With the growing amount of data collected by various industries and organizations, it makes sense for business owners to want to create and enforce a robust data retention policy. A data retention policy allows organizations to manage the way they handle personal information. This includes tracking how long a set of data must be kept and how to delete the data when it's no longer needed.

manageengine

How a mobile device management solution can help with securing devices in the digital workspace

The past decade has witnessed many organizations adapting to a digital workspace, replacing traditional physical office setups with virtual workplaces encompassing all the technologies that employees require to get their work done. Because of the pandemic, even companies that were once against the concept of a distributed workforce have now been forced to embrace remote work. Though a digital workspace offers a more flexible user experience for employees, it comes with its own set of challenges.

tripwire

3 Mobile App Security Recommendations for National App Day

On December 11, 2017, Platinum Edge Media and its founder CJ Thompson created National App Day as a way to celebrate how apps have inspired us and changed our culture. The Registrar at National Day Calendar went on to proclaim National App Day to be observed annually. We can’t truly appreciate the impact that apps have on our lives without an idea of how to use these programs securely.

redscan

Redscan a winner at the Computing Security Awards 2020

ThreatDetect™, our Managed Detection and Response (MDR) service, was voted SME Security Solution of the Year – an accolade we also received in 2019. In a virtual ceremony on 10th December, we were also runners up in the Pen Testing Solution of the Year and Remote Monitoring Solution of the Year categories.

netskope

A New Vision for Secure Web Gateways

In the recently released 2020 Gartner Magic Quadrant for Secure Web Gateways (SWG) report, Netskope was recognized as a visionary, entering a decades-old legacy security solution area first defined by proxy cache appliances. Times have changed since human rating labs, regional web filtering lists, the use of ICAP for threat and data protection of files, web object caching, bandwidth management, and scripting policies to filter out undesired web objects.

The Rise of Scalper Bots: An Analysis of the PS5 Launch

Scalper bots, also referred to as sneaker bots, thrive on supply and demand. These malicious bots target merchandise that is in high demand or limited supply and snap it up faster than any human user can, before selling it on for a tidy profit. During our panel discussion, we’ll be delving into the scalper bot challenge facing brands, retailers and customers.

veracode

How Password Hashing Algorithms Work and Why You Never Ever Write Your Own

Are you fascinated with cryptography? You're not alone: a lot of engineers are. Occasionally, some of them decide to go as far as to write their own custom cryptographic hash functions and use them in real-world applications. While understandably enticing, doing so breaks the number 1 rule of the security community: don't write your own crypto. How do hashing algorithms work and what's special about password hashing? What does it take for an algorithm to get ready for widespread production use?

Build and Upload Files to Scan Using Veracode Static for Visual Studio

In this video, you will learn how to prepare a build of your application using Veracode Static for Visual Studio and upload the build to a new or existing application profile in your Veracode portfolio. Veracode Static for Visual Studio integrates with Visual Studio and assists you with compiling and uploading applications for scanning. It also provides quick information about potential security flaws in your applications, enabling remediation directly within your IDE.

sumologic

Automatic correlation of FireEye red team tool countermeasure detections

Sumo Logic has reviewed the breach announced by FireEye on December 8, 2020, and FireEye's subsequent public release of over 300 countermeasure rules. We are continuing to analyze the available information and would like to share this update with all existing and prospective customers interested in how our Sumo Logic services can assist with this development.

Featured Post

12 Hybrid Cloud Security Threats That You Can Fix

When it comes to having a safe and secure multiple-cloud architecture, you'll need a hybrid cloud security mindset, which focuses on securing data wherever it may be. When done correctly, a hybrid cloud (private and public) can help make your company more productive while saving money. However, a secure hybrid cloud requires a well-thought-out plan, and plenty of focus on encryption and data access control. With that said, here are 12 of the most tedious security threats in hybrid cloud security that you can actually fix.

alienvault

What is Security Orchestration Automation and Response?

With the face of cyberthreats in a constant state of flux, it’s nearly impossible for IT and Security teams to manually secure their countless systems, applications, services, and devices, as well as respond to potential and active cyberattacks that manage to flourish despite best efforts.

alienvault

How have digital transactions become safer?

With the emergence of cryptocurrencies and massive online marketplaces, keeping your financial information private is a bigger concern than ever. In addition to these new and developing areas, in-person purchasing with debit and credit cards continues to grow. From debit transactions to cryptocurrency, millions of transactions are made daily, and it is cybersecurity experts’ jobs to keep us safe.

tripwire

Goodbye to Flash - if you're still running it, uninstall Flash Player now

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) Earlier this week saw the final scheduled release of Flash Player, and Adobe has confirmed that it will no longer support the software after December 31, 2020, and will actively block Flash content from running inside Flash Player from January 12, 2021.

Outpost24 Webinar: Mastering container security in modern day DevOps

Join our webinar as our cloud security expert examines the security challenges that come with container adoption and unpacks the key steps required to integrate and automate container assessment into the DevOps cycle, helping developers build and deploy cloud native apps at speed whilst keeping one eye on security.

Outpost24 webinar - Protecting Cezanne HR's cloud web application with continuous assessment

Cyberattacks like payroll scams and recruitment fraud are finding their way into organizations via HR, which makes protecting your employee data just as important as customer data. Find out how Cezanne HR secures its SaaS application with continuous assessment to help its customers protect employee data.

The Cezanne HR SaaS application is used by over 650 organizations across the globe to simplify human resource management. But when it comes to sensitive employee data, customers demand proof of security and need to know that their data is in safe hands.

In this webinar John Hixon, R&D Director at Cezanne HR, will share in-depth insights into how he leverages manual pen testing and dynamic application security testing throughout the Software Development Lifecycle (SDLC) to uncover hidden risks in the application and protect customer data. Join our host Simon Roe, Application Security Product Manager, and John as they discuss the importance of data protection in HR, and how this hybrid continuous assessment approach has helped them secure their business critical apps and maintain ISO certification standards at scale.

synopsys

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

In part two of this series, learn how to create a data model for the Bitcoin network protocol and use the Defensics® SDK to perform fuzzing on bitcoind. In the previous article, you saw how to set up a test bed for bitcoind: we created two containers, fleur and viktor, and set up communication between the two bitcoind instances. This article builds on that test bed, first defining the data model and then using it in the Defensics SDK to fuzz bitcoind.

cyphere

Top 6 Healthcare Cyber Security Threats and Best Practices (2021)

Security threats in healthcare relate to the safety of the clinical and administrative information systems of hospitals and healthcare service providers. In the last few years, cyber attacks on healthcare organisations have grown faster than healthcare cybersecurity practices have improved. In this article, we discuss the cyber security threats and vulnerabilities of hospitals and healthcare providers, followed by best security practices aimed at improving security posture.

detectify

Carolin Solskär answers Detectify Crowdsource FAQs

In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.

WhiteSource

What You Need To Know About Application Security Testing Orchestration

As the security threat landscape continues to evolve, choosing the best application security testing tools is just the first challenge for organizations investing in AppSec. Next, organizations need to figure out how to best orchestrate the application security testing technologies they are using in order to get the most out of them without losing valuable time. That’s where application security testing orchestration comes in.

nnt

Belden Discloses Data Breach Impacting Employee, Business Information

Specialty networking solutions provider, Belden, owners of specialist cyber security vendor Tripwire, recently disclosed a data breach resulting in the theft of employee and business information. Belden said in a press release that the security incident took place after hackers gained access to a “limited number” of its file servers. The intrusion was spotted after IT personnel detected unusual activity on some of its servers.

sqreen

How to use frameworks to implement your Security Paved Road

I recently sat down with Sr. Research Lead at Synopsys and framework specialist, Ksenia Peguero, on Episode 2 of the AppSec Builders Podcast. In the episode, “Framework Security with Ksenia Peguero: Paved Road Foundation”, we discussed how to upgrade your security through your frameworks using the Paved Road foundation. In this post, I wanted to share some learnings from that discussion.

teleport

Unify Access to Cloud - Iterating on Identity-Based Management

The maturation of software development has been driven by the increasing segmentation of functions into their own portable environments. Infrastructure is splintered into dozens of computing resources, physical servers, containers, databases, Kubernetes pods, dashboards, etc. Such compartmentalization has made it incredibly simple for developers to enter their desired environments with minimal disruption to other working parts.

egnyte

Connected Folders Explained - and the Top-5 Reasons Users Need Them

Egnyte has always supported the ability to sync an online folder to a user’s desktop. Among other benefits, doing this provides increased performance when working with large files and allows anywhere access to files when offline. A connected folder works in reverse. It’s a folder within a user’s existing file structure that is automatically synced to the Egnyte Cloud.

sysdig

Preventing malicious use of Weave Scope

Intezer and Microsoft reported on Sept. 9 that TeamTNT hackers are deploying Weave Scope in compromised systems as an auxiliary tool in their intrusions. Weave Scope is a legitimate and powerful tool to manage server infrastructure that, once deployed, makes it easy to control all resources. In this article, we will describe how this tool can be used maliciously, and how to add specific checks in your security set up to look for it.

See and Secure containers on AWS Fargate

Tune into our #LinkedInLive event on December 9 from 11:30am-12pm PST and join Sysdig and Amazon Web Services (AWS) experts, Pawan Shankar and Eric Carter, to learn how to scan #AWS #Fargate containers in under 4 minutes with Sysdig Secure. Join this live discussion to learn how Sysdig Secure closes the visibility and security gap by providing the first automated #Fargate inline scanning.

tripwire

12 Essential Tips for Keeping Your Email Safe

Hey, did you get that sketchy email? You know, the one from that malicious hacker trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh. A hypothetical scenario, but one that plays out every day in organizations across the globe — a very real scenario that provides a good reason to take a deep dive into the topic of email security. Here are some more good reasons.

siemplify

A Very Groovy SOCstock 2020 Recap: The Security Operations Profession's Biggest Event

In a year full of uncertainty, SOCstock 2020 delivered – and if you missed it, it’s not too late to relive the magic. Dubbed the “grooviest event ever for security operations professionals,” SOCstock was originally conceived in March, shortly after quarantine restrictions began worldwide and a new reality set in.

veriato

Securing your businesses beyond the office perimeter

For most businesses, the corporate boundaries have expanded over time. The traditional office has now morphed into a hub-and-spoke model with an increasing number of employees working remotely. This shift to remote work isn't new. Between 2005 and 2018, there was a 173% rise in the US remote workforce. The trend spiked in 2020 when 88% of organizations worldwide encouraged remote work to flatten the pandemic's spread.

zeronorth

Under the Hood of Simon Data's World-Class Application Security Program

Are you curious how CISOs with major data platforms handle their application security testing programs? So are we, which is why ZeroNorth asked Robert Wood, CISO from Simon Data to join us for a webinar discussing how he and his teams have leveraged automation, open source scanning tools and orchestration to build a world-class (and fully scalable) application security testing program.

veracode

Is Your Language of Choice a Major Flaw Offender?

In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API improves the time to remediate 50 percent of security flaws by about 17 days, or that C++ and PHP languages have an alarmingly high number of severe security flaws and need greater attention?

logsentinel

Is SIEM Suitable For My Organization?

Many people, when reviewing their security strategy, ask the question “is SIEM suitable for my organization?”, or simply “is SIEM right for me?” And for a long time, the answer was “no, unless you are a large multinational”. The price, the complexity and the hard-to-get value made SIEM a category suitable only for big corporations with large security teams and budgets.

lookout

Are you sure about the safety of that QR code?

As businesses try to create a contactless experience amid the coronavirus pandemic, many have turned to QR codes. We’re seeing a lot of restaurants using them to display their menus on smartphones and on receipts for a contactless pay option. Within popular apps like Snapchat and WhatsApp, QR codes are an integral part of the user experience. Users can use codes to sign into their account, exchange contact information and make money transfers.

stackrox

CVE-2020-8554: Man in the Middle Vulnerability in Kubernetes - Top Recommendations

This week, the Kubernetes Product Security Committee disclosed a new security issue (CVE-2020-8554) that affects every version of Kubernetes. It is medium severity and no patch is available. Kubernetes administrators are advised to (1) limit certain cluster permissions as well as (2) restrict and manually audit external IP usage within clusters. It is also recommended that multi-tenant cluster scenarios be reconsidered where possible and appropriate.

egnyte

Behind the Scenes with a CISO - What it Takes to Get More Sleep and Avoid Security Threats

Jason Ozin is the Group Information Security Officer at PIB, a fast-growing group of insurance advisory businesses in the UK, and an Egnyte customer. Ozin is responsible for information security, cybersecurity, data governance, and compliance. PIB Group has grown rapidly since launching in 2015, building its team from 12 employees to over 1,400 today, through a combination of acquisitions and organic growth.

splunk

The Value of Operationalizing MITRE ATT&CK According to Splunk With Guest Speaker From IDC

The global pandemic has fueled a rapid digital transformation — and led to permanent shifts in cybersecurity. In a recent joint webinar with Bryan McAninch, senior solutions engineer at Splunk, and guest speaker Chris Kissel from IDC, "Sp(e)lunking Security with MITRE ATT&CK® featuring IDC Research," they shared seven overarching trends in cybersecurity for 2021. One notable, but foundational, trend mentioned was the need to understand risk.

elastic

Elastic on Elastic: How InfoSec deploys infrastructure and stays up-to-date with ECK

This post is part of a blog series highlighting how we embrace the solutions and features of the Elastic Stack to support our business and drive customer success. The Elastic InfoSec Security Engineering team is responsible for deploying and managing InfoSec's infrastructure and tools. At Elastic, speed, scale, and relevance are our DNA, and leveraging the power of the Elastic Stack is the heart of InfoSec.

Data Privacy & Data Security Recommendations for COVID-19

The COVID-19 pandemic caught a lot of businesses off-guard as "normal" working practices changed and many had to facilitate remote working. However, data privacy and security regulations haven't changed, which makes it essential for any organization to ensure their processes are up to date and communicated to staff. This guide looks at data security and data privacy, suggesting best practices for how businesses can secure data, as well as advice on how to follow data privacy rules during this difficult time.

Calligo launches world's first managed service to make machine learning accessible to any business

Fully managed machine learning service handles entire management, cleanliness and governance of data, avoids costs associated with data science recruitment, and delivers more accurate insights twice as fast as AWS and Google.

manageengine

IT security under attack: A typical day in the life of an IT admin or security analyst

The jobs of IT admins and IT security analysts are, without a doubt, some of the most important in any company. When things are running smoothly, it is easy for everyone to forget they exist. However, the moment things go askew, everyone points fingers at them. IT security professionals are expected to know everything. Most of them are self-taught and have learned on the job. Over time, experience has turned them into battle-hardened soldiers.

alienvault

Just released! AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge

We are certainly in unique times, with COVID driving digital transformation at an unprecedented pace, remote work appearing to be long term, and the specter of new threats looming over security professionals as they strategize how to protect a rapidly changing business and tech landscape. To use perhaps one too many cliches: it is the best of times, it is the worst of times, the times are a changin’, and a change will do you good. No really, it will.

outpost 24

The Year of the Pandemic and 2021 Cybersecurity Predictions

2020 will always be remembered as the year our lives changed dramatically due to the Covid-19 pandemic. Here our panel of security experts look back at the lessons learned in the past 12 months and share their predictions for the key security challenges organizations will face in 2021.

nightfall

3 Critical Lessons from 2020's Largest GitHub Leaks

2020 has been a very challenging year for teams and organizations across the world. This has been especially true for security teams, who’ve been responsible for managing the technological risks associated with their organization’s response to the pandemic. With security teams focused on mitigating the seismic impacts that the pandemic has had on their organization’s infrastructure, some of the security problems that emerged before the pandemic have been overlooked.

netskope

Tighten Up Your Strategy: Evaluating the Leakiness of a Cloud App

We at Netskope Threat Labs have published a series of blogs detailing the misconfigurations in cloud apps causing data exposure. Misconfiguration and sensitive data exposure have been listed as predominant top 10 OWASP security risks for years, and are now also the predominant cause of cloud data breaches.

upguard

What is Access Control?

Access control is a security technique that regulates who or what can view, use or access a place or other resources. It is a fundamental concept in physical security and information security designed to minimize risk. At a high level, access control is about restricting access to a resource. Any access control system, whether physical or logical, has five main components: Access control can be split into two groups designed to improve physical security or cybersecurity:

bearer

SOC Reports and Why Your API Vendors Should Have Them

Your business relies on third-party APIs to operate. Sometimes they enhance your capabilities, and other times they bridge the gap between your business and where your customers are through integrations. Either way, the intermingling of data and services between your business and these third-party vendors can put your business at risk. When it comes to ensuring these providers are handling data securely, SOC 2 has become one of the most common security frameworks for tech companies.

synopsys

Six key findings from the 'DevSecOps Practices and Open Source Management in 2020' report

This week Synopsys released the “DevSecOps Practices and Open Source Management in 2020” report, findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management, as well as the problem of outdated or abandoned open source components in commercial code.

detectify

Top tips for better security awareness on the job from Detectify Security Champions

Security is not compliance. This is something that the security champions at Detectify can agree on, and each employee practices security every day to help keep our customers and business secure. You’ve probably never met a group more engaged about security training than us at Detectify! We are passionate about our industry and maybe even gain a few new security nerds every few months as we go.

veracode

Government and Education Have the Highest Percentage of Apps With Security Flaws

It’s been a stressful year, to say the least, for the government and education sector. Government organizations were challenged with pivoting their operations to a digital model while schools were forced to decide between hybrid or remote learning programs for their students. The rise of digital operations has made application security (AppSec) more important than ever.

logsentinel

LogSentinel Honeypot: Malicious Actors Don't Wait

There’s an unwritten rule that every machine that becomes visible on the internet is under attack in under 5 seconds. We recently deployed our LogSentinel SIEM honeypot with one of our customers and that rule proved correct – immediately malicious requests from all over the world started pouring in, on almost all the protocols that we support – SSH, RDP, SMB, HTTP, and they haven’t stopped since.

sqreen

Scaling security in a high growth company: our journey at Sqreen

Five years after founding Sqreen, many things have tremendously changed. One of them is our approach to security. It’s often said that security is a journey without end. That it’s about continuous improvement and iteration as your company and applications change. At Sqreen, we are scaling rapidly, and as a security-minded CTO in a security company, I wanted to share how we’re scaling security during this time of growth.

devo

What the Convergence of Security and Operations Means for Your Organization

These are incredibly exciting times at Devo, as we continue to help customers solve their ever-growing security and analytics challenges. Our market momentum is continuing, as Devo was recently recognized with a CISO Choice award as the best SIEM solution, earned a place on the 2020 Deloitte Technology Fast 500, and was named a Leader in The Forrester Wave™: Artificial Intelligence For IT Operations, Q4 2020.

Octiga

How to Choose a Credible Cloud Security Software Vendor

There is no shortage of IT cloud software services out there for businesses to choose from. Regardless of their business needs, you can be sure there will be a myriad of solutions. Instead of a few grand does-it-all services, IT has become a swarm of inter-playing, inter-operating, and interconnecting services. It’s no surprise that services like Zapier and IFTTT are thriving in this ecosystem, where they can become the glue and automate the gap between them. The future is surely bright.

Vulnerability Management with ManageEngine Vulnerability Manager Plus

Vulnerability management is the cyclical process of identifying, evaluating, treating, and reporting on threats and vulnerabilities across your network endpoints. In this video, we take an in-depth look at the exhaustive threat and vulnerability management features of ManageEngine Vulnerability Manager Plus.

elastic

Testing your Okta visibility and detection with Dorothy and Elastic Security

When approached by stakeholders in their organization, few security teams can confidently demonstrate that logging and alerting capabilities are working as expected. Organizations have become more distributed and reliant on cloud offerings for use cases such as identity and access management, user productivity, and file storage. Meanwhile, adversaries have extended their operational capabilities in cloud environments.

sumologic

Building your modern cloud SIEM

SIEM has traditionally earned itself a bad reputation as an unwieldy and unmanageable tool that really never lived up to its promises. In my presentation during Illuminate, I talked about what Sumo Logic is doing to modernize log analytics and SIEM as a whole. Today, we see that despite how overall technology is accelerating, security always seems to lag behind. In Sumo Logic, we address this head-on.

manageengine

Why VPNs on mobile devices are a crucial part of securing access to corporate data

Securing access to business resources has always been of high priority for admins and IT teams. In the wake of the pandemic, workforces are more distributed than ever before, and 76 percent of global office workers state that they would like to work from home even when the pandemic is over.

alienvault

Could electric vehicles present a Cybersecurity risk to the grid?

With many countries now participating in the Paris Agreement to address climate change, coupled with the rising popularity of electric vehicles, it is expected that 125 million electric cars will be on the road worldwide by 2030. But these cars, although beneficial to the environment, come with cybersecurity risks. According to experts, security concerns should be addressed before a massive rollout of electric vehicles takes place.

tripwire

4 Things a Good Vulnerability Management Policy Should Include

Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. A good vulnerability management policy should contain the following.

synopsys

Gazing into the crystal ball: A look at 2021 software security predictions

Experts share their 2021 software security predictions about DevSecOps adoption, the risks of social engineering and ransomware, cloud adoption, and more. Anybody who made predictions a year ago about 2020 could be forgiven for feeling a bit like the TV weather forecaster who got a note from an angry viewer telling him, “I just shoveled six inches of ‘partly cloudy’ off my driveway.”

ioncube24

What is the best way to protect my PHP code?

The simple answer is to use a compiled code tool and implement as many security features as possible, but sometimes time can be a factor and other matters take precedence, so less time goes into security. If your code is valuable then you really should spend time adding more layers of code protection (obfuscation, script licensing, encryption), and there is one feature in particular which sets ionCube apart from other tools, offers advanced protection for your PHP code and is fairly quick to set up.

veracode

Nature vs. Nurture Tip 2: Scan Frequently and Consistently

In our first blog in this series, Nature vs. Nurture Tip 1: Using SAST With DAST, we discussed how this year’s State of Software Security (SOSS) report looked at how both “nature” and “nurture” contribute to the time it takes to close out a security flaw. We found that the “nature” of applications – like size or age – can have a negative effect on how long it takes to remediate a security flaw.

styra

2021 Predictions: The Year that Cloud-Native Transforms the IT Core

Continued Kubernetes adoption, unified authorization, DevSecOps redefined, open source dominance and more key changes for the enterprise

Amid a year of unprecedented global change, it may seem incautious at best to make confident predictions about the future of cloud-native business. However, there are strong indications of the trends that 2021 will hold — precisely because they are predicated on significant enterprise change.

tripwire

Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT). One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.

tripwire

Thoughts from the NCSC 2020 Annual Review

The National Cyber Security Centre (NCSC) released its annual review of 2020. If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.” This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in its vision. This year’s report, which spans the period from September 2019 through August 2020, contains many interesting insights.

armo

ARMO Announces Nitro Enclave support - making it DevOps ready out of the box

Enabling enclave-based security is key for enterprise cloud adoption

General availability of Nitro Enclaves, recently announced by AWS, is Amazon’s way of delivering confidential computing to its customers. Following similar announcements by Microsoft Azure and Google Cloud, the AWS announcement further confirms growing demand for additional runtime protection of customers’ data and other intellectual property.

veriato

How Software Can Help With A Digital Workforce Transformation

A growing number of businesses are allowing their employees to work remotely for at least part of their work week. Right now, it’s estimated that 42% of workers in the U.S. are working from home. Even though working from home is becoming more common, many companies have still not taken the necessary steps to complete their digital workforce transformation. The key to successfully shifting to remote work is keeping tabs on your team with the help of employee monitoring software.

egnyte

Get internet-level search to find your business content with Egnyte and BA Insight

Have you ever looked for a file but didn’t remember which application it was stored in? Did you perhaps wish the application had the same search capabilities as Google? As internet search continues to evolve and provide a better user experience, business leaders are mired with complaints because their knowledge workers search “store-by-store” and can’t find what they are looking for inside their organization’s file share or cloud-content repositories.

manageengine

Adopting a BYOD policy amid the COVID-19 era

In the midst of the COVID-19 pandemic, even companies that had said no to BYOD have come to terms with it, as a fair share of remote work would not even be possible without such a policy. Pandemic or no pandemic, on-the-go data access has always enabled employees to get work done quickly and efficiently. It guarantees better communication with colleagues, improves customer service, and device familiarity brings employee satisfaction and increased productivity.

alienvault

Two cybersecurity hygiene actions to improve your digital life in 2021

It is that time of year again when we start planning resolutions for the coming year. A good start is putting cybersecurity at the top of the list, whether you are a business or an individual. According to a University of Maryland study, hackers attack every 39 seconds, on average 2,244 times a day. It may be even higher now that more of us are working remotely because of COVID-19 and the attack surface has greatly expanded in numbers and vulnerability.

netskope

Building Proficiencies to Discuss Security with the Board

Today, cybersecurity, risk, and data protection are issues that are on upper management’s radar. Seeking to minimize the potential for business disruption, board members are getting more involved with the organization’s security program. Recent surveys indicate that 65% of companies are recruiting board members who are knowledgeable about security issues.

cyphere

Facts About Computer Viruses & Malware (including 6 Virus Myths)

Our article provides an overview of the most common forms of computer viruses, along with a handful of computer fun facts, history and interesting facts about computer viruses and other types of malware. A few weeks ago, we also published a cyber security glossary, simplifying geeky terms for general readers.

detectify

Detectify checks for critical Oracle WebLogic Server RCEs (CVE-2020-14882, CVE-2020-14750)

On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE – CVE-2020-14882. Again in November, Oracle released an out-of-band security patch to fix a related RCE for Oracle Fusion Middleware. These vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of these vulnerabilities and will alert you if you are running a vulnerable version of Oracle WebLogic Server.

veracode

CI/CD With Veracode Docker Images

On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it easy to include the current version of Veracode tools in your automation workflow.

WhiteSource

Kubernetes Security Best Practices

Kubernetes is an open source orchestration platform for containerized workflows. It is the best way to manage – or orchestrate – large clusters of containers at scale. Kubernetes, sometimes abbreviated as K8s, helps you efficiently manage clusters of hosts running Linux containers. In the age of containers, Kubernetes has become a popular open source project and key building block for modern tech infrastructure.

Misconfiguration: Lessons Learned from the #1 Cause of Breaches in the Cloud

Did you know that 80% of companies have suffered a cloud-related breach caused by misconfiguration, according to research by IDC? Watch our latest webinar on-demand to learn about the most common configuration mistakes that have led to major data breaches, and why continuous monitoring via Security Configuration Management (SCM) tools is critical to help prevent and quickly identify a breach. Watch now to learn.

Lookout for Small Business: Secure Your Growing Business with Enterprise-grade Security

Regardless of how many employees you have, your growing business faces the same threats as larger organizations. And you depend on engaging your customers on a personal level to stand out in the crowd. So to preserve that relationship, you need a mobile security solution that protects your data and their privacy.

teleport

The Pitfalls of Language Runtimes and Multi-tenant Services

Modern languages like Python, NodeJS, and Go make it easy to handle concurrent requests for multiple customers at the same time by using threads or goroutines. Such services seem very cost effective because one process can handle hundreds or thousands of tenants. However, this efficiency comes at a hidden, steep price. When language runtime scheduling breaks down, one tenant can cause an outage for everyone.

devo

The Third Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the third in a series of posts highlighting the most important elements of the four steps. Previous posts covered Step 1, establishing a foundation of centralized, scalable visibility, and Step 2, extracting intelligent insights from your data.

splunk

Something Else To Be Thankful For: Splunk Security Essentials 3.2.2

Well, it’s been a while since you read a blog dedicated to the latest release – okay, the latest several releases – of Splunk Security Essentials (SSE). We have been busy behind the scenes, however, so let’s catch you up on SSE’s latest features, which include the new version of our content API, and externally with updates from MITRE and the release of ATT&CK v7.2 (with Sub-Techniques) and ATT&CK v8.

Building your modern SIEM, Unique security requirements for cloud and modern technologies

Digital transformation has changed the attack surface, and organizations are generating more data than ever before. What does this mean from a security standpoint? Attend this session and hear more about what makes a modern SaaS SIEM solution and why it’s critical for detecting threats across your hybrid and multi-cloud infrastructures. Finally, we’ll explore what tomorrow’s SIEM might look like.

sysdig

Your team is running containers, but are they secure?

Organizations are modernizing IT infrastructure, restructuring teams, and accelerating application delivery with containers and Kubernetes. As with any technology, organizations are at various places within their journey. However, according to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022. Chances are your team is using containers for some applications.

alienvault

How to secure a Kubernetes cluster

More and more organizations are adopting Kubernetes, but they’re encountering security challenges along the way. In the fall 2020 edition of its “State of Container and Kubernetes Security” report, for instance, StackRox found that nearly 91% of surveyed organizations had adopted Kubernetes, with a majority (75%) of participants revealing that they had deployed the container orchestration platform into their production environments.

tripwire

How to Protect Your Business From Multi-Platform Malware Systems

The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigation, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intended to hide their true origins.

siemplify

SOCstock 2020: Tackle the Human Side of Incident Response with SOAR and Threat Intelligence

It’s easy to overlook the human elements behind cyber threats and cyberattacks. We tend to focus our time on analyzing the technical mechanics behind executed attacks, their vulnerabilities and exploits, and their potential mitigation techniques. While these are all important factors, they don’t account for the people behind the threat. This ultimately leaves you exposed and without crucial context to aid you as you allocate security resources and evaluate the assets likely to be targeted.

ekran

7 Third-Party Security Risk Management Best Practices

Cooperation is the key to success. Working with third parties helps businesses increase their productivity and efficiency, produce better products and services, employ highly qualified experts, and cut costs. But all these benefits come at the price of increased cybersecurity risks. Minor flaws in your third-party vendor’s security and privacy routines may turn into cybersecurity weaknesses for your company.

cyberint

IcedID Stealer Man-in-the-browser Banking Trojan

IcedID stealer (also known as BokBot) was first discovered at the end of 2017 and is believed to be a resurgence of the NeverQuest banking Trojan. It is a modular banking trojan that uses man-in-the-browser (MitB) attacks to steal banking credentials, payment card information and other financial data. The stealer possesses relatively sophisticated functionality and capabilities, such as web injects, a large remote access trojan (RAT) arsenal and a VNC module for remote control.

synopsys

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles in an advanced technical tutorial that describes how to use the Defensics® software development kit (SDK) to set up your own Bitcoin network and fuzz Bitcoin software. Specifically, you’ll learn how to model one of the Bitcoin network protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

Reviewing Findings in Veracode for VS Code

This video shows how to review findings in Veracode for VS Code. Veracode IDE Scans find potential security issues in your code in seconds so that you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs an IDE Scan at the file level. It supports JavaScript, TypeScript, and C#. You can scan either a single file or all files in a selected Visual Studio folder.

rezilion

Resilient Delivery Demands Autonomous Security

Business demands fuel technology shifts

The growing shift towards digital business models, accelerated by the pandemic, has revealed the need for increased business and technology alignment across every industry. Customers expect to be able to interact with companies anywhere, anytime, and demand highly responsive, customizable experiences. Gartner refers to organizations with the ability to meet these demands as intelligent, composable businesses.

stackrox

OpenShift image security and cluster maintenance best practices

This is the last installment in our four-part OpenShift security blog series. Don’t forget to check out our previous blog posts in the series: Part 1, OpenShift security best practices for designing clusters; Part 2, OpenShift networking and cluster access best practices; and Part 3, OpenShift runtime security best practices. Read this blog post to learn about security best practices when building container images in Red Hat OpenShift environments.

stackrox

How KubeLinter fits in the CNCF Ecosystem

There has been a significant shift in the Kubernetes community to security topics in the past year. According to the StackRox State of Container and Kubernetes Security Report, Fall 2020, human error causes most security incidents in Kubernetes, with misconfigurations contributing to roughly 67% of cases reported by survey respondents. At KubeCon and Cloud-Native Con North America, Kubernetes security topics made up the largest percentage of overall sessions this year.

egnyte

Fact vs. Fiction: Common Data Environment and Interoperability in Construction

A number of software packages offer data storage in the cloud. Convenient? Yes. However, the data resides in its own silo, which can make it difficult to manage, from security with a clear audit history, to accessibility, to making sure the latest content is available to project stakeholders. A true common data environment (CDE) keeps and protects all that content in a single, secure repository in the cloud with integrations to applications.

CISA's recommendations on how to recognize and avoid email scams

Just as remote work has grown at an unprecedented rate across the world, so too has the number of email scams. Email is now the most popular attack vector among adversaries. We've prepared a guide to help you understand the anatomy of popular email-based scams, how they work, and what you can do to avoid them. Here are the key insights from the e-book.

manageengine

How to secure your network from a Ryuk ransomware attack

Universal Health Services (UHS), a Fortune 500 company and healthcare services provider, has reportedly shut down systems at facilities throughout the United States after the Ryuk ransomware hit its network on September 27, according to an article on the Health IT Security website.

What is Ryuk ransomware?

Ryuk is a sophisticated ransomware threat that targets businesses, hospitals, and government institutions across the world.

alienvault

What is Vizom malware? Everything you need to know

Security researchers working with IBM Security recently uncovered a new malware code that is being used to attack online banking users in Brazil. Referred to as ‘Vizom’ by the team, the code utilizes remote overlay attacks to siphon sensitive financial data and make fraudulent transactions from victims’ bank accounts.