July 2021


Cloud Threats Memo: Learning From Recent Cloud Storage Misconfiguration Incidents

It’s time to update the list of security incidents caused by misconfiguration of cloud storage resources since the last couple of weeks have unfortunately been quite prolific. The shared responsibility model continues to be overlooked, or simply misunderstood by too many organizations, and as a consequence tons of sensitive data is leaked from the cloud on a daily basis, putting thousands of individuals (and dozens of municipalities) at risk of fraud, identity theft, and phishing campaigns.


Why bots are a growing problem for airline ticket sales

In the wake of the pandemic, airlines are fighting back against challenges from all directions this year. Many have banded together to protest government orders around banned routes, Covid testing and post-travel quarantine periods. International holiday-going in 2021 has become an unappealing prospect for many, due to the added expense and inconvenience imposed by Covid restrictions.


Website Security Checklist | How to secure your site in 2021?

Website security should be a concern for any business owner because attackers are becoming much more sophisticated and are always looking for ways to get into customer databases even without exploiting the victim directly. In this blog, we are sharing a website security checklist to help website owners improve their websites against the most common cyber attacks.


Fidelis Vulnerability and Trends Report - Q2 2021

At Fidelis Cybersecurity®, our Threat Research team continuously monitors the current threat landscape to provide coverage and vigilance on the most menacing vulnerabilities. Our Real-Time Vulnerability Alerting Engine harnesses public data and applies proprietary data analytics to cut through the noise and get real-time alerts for highly seismic cloud vulnerability exposures and misconfigurations—making vulnerability fatigue a thing of the past.


Are Hybrid AGMs Upholding Corporate Governance?

Before the COVID-19 pandemic, Annual General Meetings (AGMs) were typically held in a physical venue where shareholders could directly ask questions and vote for resolutions on site. The chairperson and directors of the company had to be on the ball and be prepared for questions to come their way once spotlighted. However, in the last year, when the pandemic struck the world, everyone was pushed into an era of digital transformation.

How to Spot C2 Traffic on Your Network

Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists. Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight’s commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.

A SANS 2021 Report Top New Attacks and Threat Report

In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.

Dangerous games: the cyber security threats to the Olympics

In this blog post, we outline past and present threats to the Olympic Games and the steps that organisations can take to reduce the risks. With more than 11,000 athletes and 206 countries and states taking part, the delayed Tokyo 2020 Olympic Games are currently being watched around the world. This level of visibility makes the Games a target for those seeking to cause politically-motivated harm, enrich themselves, boost their profile or undermine the host nation on an international stage.


Defending against ransomware - The basics

Given the spate of recent ransomware attacks, the latest of which occurred shortly before Independence Day, this topic is likely at the top of mind for most organizations. Understanding the fundamentals of security, and the most common ways ransomware gets installed, is a must if a company hopes to truly lay the groundwork required to build and operationalize their security program.


Dip a toe into the importance of AML and compliance for Crypto exchanges

“Never let a crisis go to waste.” It’s an expression that we’ve all heard a lot over the course of the last year. It is a reminder by Winston Churchill that in bad times that big problems often beget opportunities to do things differently — and better — next time around. No other industry as much as crypto has lived up to this quote.


Phishing Attacks Often Target Small Businesses - Here's What to Watch for

Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right people to impersonate or send a phishing email to.


A Conversation with Mickey Perre, Devo Cybersecurity Strategist in ANZ

What is it about Devo that enticed you to join the company? If you look at my history, you’ll quickly realise I am passionate about two things: data and cybersecurity. One other passion that is not widely known is that I am a bit of a graph-processing fanatic. Solving problems in the modern security landscape isn’t just about collecting loads of data — which Devo does well — but how you can turn that data into actionable intelligence.


AppSec Decoded: New executive order changes dynamic of software security standards

In this episode of AppSec Decoded, we discuss the impact of the new executive order by the Biden administration on organizations working with the government. The past year has led many people and organizations to depend more on technology, completely changing the way they operate. With the increased dependency of technology, it should come as no surprise that the number of breaches and security risks have increased as well.


Prepare your Kubernetes cluster for Pod Security Policy deprecation

The Kubernetes community created a feature in v1.10 called Pod Security Policy (PSP) to control the security-related fields for pods defined in your Kubernetes cluster. Now that PSP is being deprecated in Kubernetes v1.21, what should you do to secure your Kubernetes cluster? In this blog, we’ll learn a bit about PSP, explore why it’s being deprecated and how Open Policy Agent (OPA) can ease the migration from PSP.


Snyk Code adds security scanning for C# and .NET

As a quick note, I have a personal history with .NET, including time working at Microsoft as a .NET evangelist. And I’ve briefly met Anders Jejlsberg, the designer of C# and Typescript, so this blog is a bit personal for me. We are happy to announce that Snyk Code scans for security vulnerabilities and provides remediation suggestions for yet another language: C#. This adds a major language to our portfolio which includes support for Java, JavaScript, TypeScript, and Python.


Securing Access to Your MongoDB Database

MongoDB is one of the most popular open-source databases. Unfortunately, this also means ubiquity of misconfigured and unsecured MongoDB deployments out in the wild. Just in recent years, we’ve seen several hacks involving thousands of MongoDB databases left exposed online without any protection, making them ripe for the hacker’s picking. It doesn’t have to be this way, though.


The Identity Brief: Turning Data Into Fraud Prevention, Just Like a Tech Giant

We just launched the Identity Brief: a podcast dedicated to exploring the world of identity. In episode 1, our guest Ori Eisen, CEO of Trusona, detailed how he found his way to fighting fraud using passwordless security. He reminded us that money goes to fund nefarious things when it is lost or stolen in a breach. We all have a responsibility to leverage technology like passwordless authentication to minimize the funding of cyber criminals.


How to Bridge the Cybersecurity Skills Gap

Application security remains a top concern for organizations, making the need for skilled cybersecurity professionals as urgent as ever. Nearly half of security practitioners in high-performing enterprises who participated in a recent Ponemon Institute research report about reducing enterprise security risks stated that hacks to insecure applications are their organization’s biggest concern.


Netskope Threat Coverage: 2020 Tokyo Olympics Wiper Malware

Major sporting events, like the World Cup or the Olympics, are usually targets of cybercriminals that take advantage of the event’s popularity. During the 2018 World Cup, for example, an infected document disguised as a “game prediction” delivered malware that stole sensitive data from its victims, including keystrokes and screenshots.


XDR Security: Why Successful XDR Is Driven by Data and Security Analytics

Let’s take a trip — back about eight years — when a Gartner analyst coined the term endpoint detection and response (EDR). He was describing security systems that both detect and investigate suspicious activities on computers and other devices and use automation to help security operations center (SOC) teams quickly identify and respond to threats. Since then, EDR has become a critical component of a modern security stack for organizations of all sizes.


Detecting unusual network activity with Elastic Security and machine learning

As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies.

The Simplest way to Secure your Java Maven Project

Can I scan for security vulnerabilities using Maven? How can I integrate security scanning in my Maven build? How to monitor for security vulnerabilities with every Java build? Scanning the dependencies for known security vulnerabilities in your project is essential. The ideal time to start checking your dependencies is the very moment you import them! To that end, we created the Snyk Maven plugin so you can now scan your application for security vulnerabilities in third-party libraries as part of your build cycle—putting security expertise in the hands of developers.

Encrypted Traffic Collection

Working with encrypted traffic is a common task in the SOC and one that many people think network monitoring solutions can't do anything about. The reality, however, is a bit less cut and dry than you might think. Corelight with Zeek can parse details about the certificate handshake and the SSL connection itself. See the cipher and elliptic curve in use, which are great for detecting vulnerabilities like CurveBall. Learn more about Corelight's Encrypted Traffic collection in this brief two minute video.

5 critical aspects of Attack Surface Management (ASM)

Modern technologies and work flexibilities, such as cloud computing, work-from-anywhere, remote employees connecting to the internal network, and so on, enhance the organizations' operation and provide ease of management. Consequently, they impact the organizations' security controls and introduce additional attack surfaces or opportunities for intruders to attack. This situation demands security analysts to adopt modern attack surface management techniques and technologies.


10 Common Cyber Attack Vectors and How to Avoid Them

When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites — malicious sites that attempt to install malware on a device – were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.


Mitigating Insider Threats: Plan Your Actions in Advance

For any organization, insider attacks are like a severe illness: prevention is better than the cure. Like illnesses, insiders mask their malicious actions and can harm your organization for a long time before you detect them. This harm can be in the form of a loss of data, customers, money, etc.   Planning a risk mitigation process helps to stop insider attacks at the early stages or reduce their potential damage.


The Next Disruptive ICS Attack: 3 Likely Sources for Major Disruptions

Faced with rows of empty gas pumps, many Americans on the East Coast may be wondering why this happened, whether it will happen again, or if there is anything we can do to avoid future catastrophe. The unpleasant truth of the matter is that this will certainly not be the last time society is disrupted due to attackers targeting critical industrial control systems (ICS). The impact of such an attack is amplified by the growing reliance on automation and antiquated protocols throughout many OT networks.


Cloud Compliance Best Practices: A Quick Overview

Cloud compliance is more important than ever, especially as businesses and organizations continue to engage in remote and digital work practices due to COVID-19. Even before the pandemic, more and more companies were migrating to the cloud. But what exactly is cloud compliance, and what are some best practices you should keep in mind if you’re shopping for a provider or looking to enhance your current computing system?


Common web vulnerabilities every hacker and developer should know

Web applications and hosted software make up the largest attack surface for modern tech organizations. The most common web vulnerabilities being exploited go beyond the OWASP Top 10 list. At Detectify, we work in close collaboration with an invite-only community called Detectify Crowdsource to get the latest vulnerability research into the hands of security defenders. Besides knowing the vulnerabilities, you need the know how on how to mitigate them.


The Future Federal SOC Will Be Data-Driven

The executive order on cybersecurity President Biden issued in May doesn’t radically change federal cybersecurity practices for now, but it lays the groundwork for significant changes in the future. The EO directs multiple federal agencies to develop new policies and processes to safeguard federal networks, and also to improve the overall cybersecurity posture of all Americans.


How to Assess and Up-level Your Organization's Maturity for SOAR, Gartner's Take

Earlier this year, Gartner published its latest research on the Security Orchestration, Automation and Response (SOAR) market in a report entitled, “Is Your Organization Mature Enough for SOAR?”. We’ve been talking to clients about this very subject and agree with Gartner that SOAR tools can increase SecOps efficiency and consistency, provided organizations have laid the proper groundwork.


Announcing Social Trends: Use social media for security intelligence

We are excited to announce the availability of Social Trends, adding social media intelligence (SOCMINT) to Snyk’s vulnerability data to help development and security teams prioritize vulnerabilities more effectively. Given the size of vulnerability backlogs facing organizations today, finding and fixing security vulnerabilities in a timely manner is a monumental task. There simply are not enough hands on deck to triage and tackle all the vulnerabilities on the list.


How to cyber security: Addressing security fatigue

Addressing security fatigue with small changes to your AppSec strategy can help you manage and minimize risks in your applications. How many times a day does something like this happen to you? Is it 10 times a day? 25? 100? I’m a highly technical security professional and I’m not even sure what I should do. What is PC-Doctor? What is SystemIdleCheck.exe? If I click No, will something not work the way that I want it to work? Each time you see such a prompt, what do you do?


Egnyte and Splunk Integration: You Can't See if You Don't Look

Security Information and Event Management (SIEM) technology provides visibility across an organization's information security systems by collecting and correlating events from logs across many different sources. Security analysts use tools like a SIEM to go “threat hunting”. By correlating disparate events across systems, they can often detect Indicators of Compromise (IoC’s) that may otherwise go unnoticed on individual systems.


NIST vs SOC 2: What's the Difference?

When the subject is cybersecurity compliance, the National Institute of Standards and Technology (NIST) is often the first reference that comes to mind. NIST has been around for decades, and its standards for the development of cybersecurity risk management programs are considered the gold standard. There is, however, another standard that applies to service providers that handle customer data, as well as to those firms’ business partners: the SOC 2 audit.


Insider Threat Prevention: 5 Steps To Improving Defensive Posture By The End Of 2021

As businesses emerge from a pandemic year, cybersecurity concerns are necessarily top of mind . Companies face expansive cybersecurity threats on many fronts, prompting 75 percent of business leaders to view cybersecurity as integral to their organization’s COVID-19 recovery. They undoubtedly face an uphill battle. Surging ransomware attacks and increasingly deceptive phishing scams are attracting national attention, while more than 500,000 cybersecurity jobs remain unfilled in the US alone.


What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.


How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

Kubernetes Quick Hits: Use SecurityContext to drop unnecessary Linux Capabilities

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about Linux Capabilities and why you probably can run with none of them enabled. Linux Capabilities is item number six from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

How logging everything helps mitigate ransomware risks

Ransomware attacks, the malicious code that attackers use to encrypt data or lock users out of their devices, have been rampant and are on the rise globally. The largest ransomware payout thus far in 2021 was made by an insurance company at $40 million. A more recent attack occurred in early July and was launched by a group called REvil. The immediate victim was a Florida company, Kaseya, that provides software to companies that manage technology for thousands of smaller firms.

OT security and implications to wider IT Environments

Poor Operational Technology (OT) security can lead to serious IT data breaches. Learn from experts at Splunk, Corelight, and ClearShark about the risks unsecured OT systems pose to IT networks, and how visibility into network traffic can enable accurate alerting to malicious behavior. You’ll learn key differences between OT and IT networks, about Corelight’s ability to understand and enhance OT protocols, and the value of Zeek wire data for both IT and OT security.

Accelerate SecOps with a Single Source of Network Truth

Network evidence is vital for defense, but collecting it can be overly complicated and result in incomplete data that is difficult to use. By transforming VPC and on-premises traffic into Zeek logs and Suricata alerts, you can accelerate threat hunting and incident response workflows in security analytics tools like Chronicle and VirusTotal.

Telegram Zeek, you're my main notice

Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may be run-of-the-mill in network B. Much like detections, reporting needs will likely differ between networks as well.


Malware alert: The RedXOR and Mamba attacks and how to defend against them

Picture this: It’s a normal day of working from home as usual since the COVID-19 outbreak. After that satisfying cup of coffee, you log in. But something is wrong. No matter how many times you click, your files don’t open. Your screen is frozen and refuses to budge. And then, you see one of the worst nightmares any IT admin can imagine: “Oops, your files have been encrypted. But don’t worry, we haven’t deleted them yet.


Improved third party security with rapid assessment tools

The CISO of a large state agency shared with me the automated tools he used to mine intelligence about his IT suppliers, and their sub-suppliers and interconnections by way of vetting for security posture. He truly recognized the threat of third parties long before the SolarWinds hack. His due diligence sparked inspiration for this blog. Can a business assume that third party security controls are strong enough to protect their digital supply chains? What about cloud-based assets?


Company Trends Report: Visibility into Cyber Risk Management

Everyone tracks progress. Whether it’s academics, health, or job skills, people need visibility into where they started and how well they’re advancing toward a goal. From a business perspective, tracking progress gives insight into whether the organization is prioritizing activities for long-term initiatives or whether it needs to take corrective action. Sometimes, the progress reports remain internal. Other times, organizations share them with customers and business partners.


Which Managed Kubernetes Is Right for Me?

Kubernetes helps with scaling, deploying, and managing containerized workloads, facilitating a faster deployment cycle and configuration management—all while providing improved access control.Kubernetes is also a CNCF project, meaning it’s cloud-native and can be easily deployed through any cloud provider. This blog will compare on-premises, or self-hosted,Kubernetes clusters to managed ones, as well as outline your options for Kubernetes in the cloud.


How to Securely Send Data to Your SIEM

Deploying a SIEM requires strategic planning. When deciding on a deployment, an organization must consider the level of risk it is willing to assume, what its security priorities are, and which use cases to implement. From there, your security operations team must thoughtfully identify their inputs — the data the SIEM solution will gather — before rolling out anything. Otherwise, you won’t obtain your desired outputs to identify high-fidelity alerts to act on.


What is Hybrid Cloud Security?

Hybrid clouds are an elegant and adaptable technology solution for combining public and private cloud storage with more traditional IT infrastructure. While the hybrid cloud model provides a number of benefits, it requires a different security approach than private data storage options. Keep reading to learn more about the pros and cons of hybrid cloud computing, as well as the best security measures for protecting the data stored there.


How Network Segmentation Can Protect Supply Chains from Ransomware Attacks

Organizations can take various steps to protect their operational technology (OT) environments against digital threats. But some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate informational technology (IT) and OT environments effectively. That doesn’t always happen, however.


How to Map Your Digital Footprint: 2021 Guide for Businesses

Forensic investigators can track your exact location by following the biological traces left on every object you touched. In the digital world, your online activity is much easier to track because digital prints are larger, harder to hide, and even harder to erase. This poses a serious cybersecurity problem for all businesses.

SaaS Visibility - Use Case 1

Provide inline visibility and advanced analytics for thousands of apps (managed and unmanaged) in use, including users, file names, activity, and to whom. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Data Movement - Use Case 2

See and control data movement between cloud app instances and in the context of app risk and user risk. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Sensitive Data Propagation - Use Case 3

Alert or block when sensitive data is posted or added directly (not just uploaded) in cloud apps like Slack, Word online, and GitHub. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

BYOD and 3rd Party Access - Use Case 5

Allow unmanaged device access to a specific cloud app for collaboration, however, do not allow downloading of sensitive data when on an unmanaged device. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Cloud Phishing - Use Case 6

Protect users from phishing attacks using cloud hosted fake forms (e.g. Office 365 login) to collect app access credentials. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Sensitive Data in Documents and Images - Use Case 7

Alert or block when sensitive documents and images such as tax forms, resumes, patent, forms, passports, drivers' licenses, social security cards, and screenshots are uploaded to cloud apps and websites. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Build developer trust with faster, accurate AppSec testing from Rapid Scan

Synopsys Rapid Scan helps developers build secure apps with faster, accurate application security testing. The word “rapid” has particular importance when it comes to what developers expect from application security solutions. Anything that slows down development efforts causes friction.

AppSec Decoded: New executive order changes dynamic of software security standards | Synopsys

In this episode of AppSec Decoded, Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), discusses how the new executive order from the Biden administration will change the way government entities or the heads of those entities operate to adjust to the surge of security threats.

Egnyte Links for Procore Project Links Quick Tip

In this video, learn how to streamline access to your project files by using Egnyte links as Procore project links. Save time and eliminate duplicate files in Procore by using Egnyte links for Procore project links. Ensure your team has easy access to their project files in Procore by using Egnyte links as project links.

Splunk SOAR Feature Video: Custom Functions

Splunk SOAR’s custom functions allow shareable custom code across playbooks and the introduction of complex data objects into the playbook execution path. These aren’t just out-of the-box playbooks, but out-of-the-box custom blocks that save you time and effort. This allows for centralized code management and version control of custom functions providing the building blocks for scaling your automation, even to those without coding capabilities.

Splunk SOAR Feature Video: Contextual Action Launch

Splunk SOAR apps have a parameter for action inputs and outputs called "contains". These are used to enable contextual actions in the Splunk SOAR user interface. A common example is the contains type "ip". This is a powerful feature that the platform provides, as it allows the user to chain the output of one action as input to another.

Splunk SOAR Feature Video: Configure Third Party Tools

To get started in Splunk SOAR, you will need to configure an asset. Assets are the security and infrastructure assets that you integrate with the Splunk SOAR platform, like firewalls and endpoint products. Splunk SOAR connects to these assets through apps. Apps extend the platform by integrating third-party security products and tools.

Detecting SeriousSAM CVE-2021-36934 With Splunk

SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability, which allows overly permissive Access Control Lists (ACLs) that provide low privileged users read access to privileged system files including the Security Accounts Manager (SAM) database. The SAM database stores users' encrypted passwords in a Windows system. According to the Microsoft advisory, this issue affects Windows 10 1809 and above as well as certain versions of Server 2019.


Defending the Internet of Things from hackers and viruses

The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive.


Collecting and operationalizing threat data from the Mozi botnet

Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign.


Data Security Explained: Challenges and Solutions

Data is the most valuable asset for any business. No matter what industry you are in, it’s critical to take care of your data, whether it is financial reports, healthcare records or a start-up business plan. Despite increased data protection regulation, data breach risks are growing. According to Capita, 80% of data breaches involve personally identifiable information at a cost of $150 per record.

The Next Chapter

Welcome to the next chapter of 1Password. Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board. Find out more about how we’re building the future of online security on the 1Password blog.

Investing in our future (again!)

I have some fantastic news to share. Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board.


Agent Tesla Delivers Oski Stealer

Cyberint Research observed a number of unsolicited malicious email (malspam) campaigns throughout July 2021 in which Agent Tesla has been used to deliver 'Oski Stealer' to a variety of targets worldwide. First observed around November 2019, Oski Stealer is a popular threat, used to gather credentials and/or financial data from victims, and is readily available to purchase on various cybercriminal forums, typically advertised by a threat actor known as 'oski_seller', for around US$70-100.


What is edge networking? An overview on the network edge

As organizations look for ways to improve network performance for user-facing application data, it is becoming increasingly evident that routing requests all the way to internal data centers is the least optimized model. Doing so increases latency, reduces available bandwidth, increases bandwidth requirements at the data center, and increases overall costs.


What is SOX Compliance? Requirements & Controls

Although the Sarbanes-Oxley Act of 2002 (SOX) has been around for nearly two decades, many companies still struggle to meet compliance requirements. Initially enacted in response to public companies mishandling financial reporting, SOX is a compliance requirement for all public companies. Understanding SOX compliance, as well as its requirements and controls, helps organizations create more robust governance processes.


Everything You Should Know About the HIPAA Enforcement Rule

With the regular and much needed update to critical standards such as HIPAA, auditors and compliance experts need to be continuously on their toes to review and acquaint themselves with these new developments. One of the latest such updates is the Health Information Portability and Accountability (HIPAA) Enforcement rule, which has caused quite a stir in the industry due to confusion about its applicability.


Nightfall's data protection & classification platform enables SOC 2 compliance

Security teams that work in highly regulated industries or build solutions for consumers must adhere to compliance controls and regimes required for their business. One of the most important compliance requirements for many companies is the SOC 2 audit. The SOC 2 audit provides detailed information and quality assurance about essential security factors such as the confidentiality of data under your organization’s stewardship, privacy controls, and many other standards.

Onboarding Data in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS’ new data onboarding wizard quickly takes you from subscribing to the service to visualizing your AWS environment. We’ll walk through the wizard in this video, and you’ll see how the new process can save you hours, days or even weeks when compared to traditional data onboarding processes.

B eyond Blockchain : An Introduction to HALOCHAIN

This is part of my two-part blog series about HALOCHAIN technology. In this introductory blog, you will get a glimpse of SECUDE’s HALOCHAIN technology (Patent Pending) and how it will revolutionize the digital trading business. In my next blog, I will write about how system administrator holds the key to the company’s most critical data and how HALOCHAIN technology can be used to mitigate the risks related to log file manipulations.


Supercharge your SIEM Capabilities with Modern Log Management

Cybersecurity is front and center today for every business regardless of size or industry. Major ransomware attacks and data breaches seem to make headlines just about every day. Sophisticated attackers and cybercriminals are always finding new ways to extort businesses, steal confidential data, and wreak havoc. A quick read of the CrowdStrike 2021 Global Threat Report will surely give you cause for concern.


Cybercrime statistics we can't ignore

- Even as crime numbers fell overall in Singapore between 2016 and 2017, the percentage of cybercrimes grew from 15.6% to 16.6% of total crimes. This motivated the Singapore Police Force and the National Crime Prevention Council to re-enact cybercrime cases in a popular crime watch series. - In Australia, the Australian Cyber Security Centre’s Annual Cyber Threat report shows that a cyber crime is reported, on average, every ten minutes.

A Security Umbrella From A Single Vendor

Equipping your team with the most holistic cybersecurity stack is just as important as protecting your clients with the latest and greatest security solutions. There are many factors to consider before deciding which option would best benefit your business. Hear from Success Computer Consulting to learn what they consider as they're deciding which vendors to partner with.

Why implementing Zero Trust is more important than ever before

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore why organizations should implement Zero Trust in 2021. In 2010, John Kindervag introduced the concept of “Zero Trust” which has become a touchstone for cyber resilience and persistent security. Zero Trust is not a security product, architecture, or technology.


Cloud Threats Memo: Watch Out for Google Forms Cloud Phishing

Google Forms is one of the preferred tools used by cybercriminals to quickly set up and deliver phishing pages. We have seen examples of Google Forms pages mimicking Microsoft Office 365 logins (one of the preferred imitated applications), financial institutions like American Express, and in general any applications. Despite the naïve layout, the tool is flexible enough to build an (un)realistic login page with few clicks.


Six Terms to Up Your IoT Vocabulary

You know that uncomfortable feeling in the pit of your stomach when you didn’t study for the test and you think you’ll get a failing grade? You stare blankly at the test questions and feel completely lost and adrift. It’s like having a conversation with a colleague who casually drops a term or acronym related to the Internet of Things (IoT), and you suddenly find yourself on unfamiliar ground.


What Will Cybersecurity Look Like Over the Next Five Years?

As a result of the Covid-19 pandemic, organizations in all industries ramped up their digital transformation efforts to make online operations easier for their employees and customers. But with more and more organizations online, the digital attack surface is growing at a record pace. The more applications with vulnerable code, the more opportunities for a cyberattack. In fact, our research found that 76 percent of applications have at least one security vulnerability.


100+ Server Security & Best Practices Tips on Securing a Server

Servers are the backbone of an organisation’s IT infrastructure as they provide both information and computational services to its users. And because of their critical role, servers are always a prime target for hackers looking to exploit any vulnerability they can find, leading to data breaches and financial and reputational damage.


Get Started with Splunk for Security: Splunk Security Essentials

Continuing to ride the waves of Summer of Security and the launch of Splunk Security Cloud, Splunk Security Essentials is now part of the Splunk security portfolio and fully supported with an active Splunk Cloud or Splunk Enterprise license. No matter how you choose to deploy Splunk, you can apply prescriptive guidance and deploy pre-built detections from Splunk Security Essentials to Splunk Enterprise, Splunk Cloud Platform, Splunk SIEM and Splunk SOAR solutions.

Axis Security

How do Hackers Hack - An Experiment in Open Portal Attacks

I built it – and hackers came It’s been an eventful 12 months. With people working from home, there’s been an over 40% surge in machines accessible from the internet running RDP, with RDP attacks up over 400%. 1 This site even has instructions for how to create more than one RDP instance on the same Windows 10 machine. 2 There are also these instructions for Windows 2016, that create a larger attack surface that by allowing multiple RDP connections into the same endpoint.


HiveNightmare / SeriousSAM (CVE-2021-36934)

First coming to light as a local elevation of privilege vulnerability affecting pre-release versions of Windows 11 (Figure 1), subsequent investigations into the issue, namely sensitive registry hive files being accessible to all users when 'System Protection' is enabled, confirm that it also affects Windows 10. Initially dubbed 'HiveNightmare' and 'SeriousSAM' by security researchers, CVE-2021-36934 has been assigned to this vulnerability although the CVSS score has yet to be determined.


Actionable Insights with SecurityScorecard Threat Intelligence Partners

Threat intelligence provides valuable insight into contextual business risk. You can gain insight into threat actors targeting your industry or information from your organization located on the Dark Web. According to one report, 79% of security professionals find threat data feeds essential to their organization’s cybersecurity posture. Additionally, 63% of respondents noted that they use feeds to ensure a better defense.


A Cure for a Disheartened Cybersecurity Professional

Data breaches and ransomware attacks aren’t just still occurring. They’re also becoming more frequent. According to ZDNet, the number of ransomware attacks detected and blocked by one security firm grew 715% year-over-year in 2020 alone. Another security company calculated the total number of ransomware attacks for the year to be around 65,000, wrote NPR. That’s about seven ransomware incidents every hour.


11 of the worst data breaches in 2021 so far

It’s no secret that Covid-19 has accelerated the number of cyber-attacks and data breaches witnessed across the globe. Increased reliance on technology as the world worked, shopped and socialised from home increased the surface area for attackers, who capitalised on a growing amount of PII (personally identifiable information) available across the internet.


Dogfooding It: How I Used Our Own Vulnerability Validation Technology to Kill 56 Container App Vulnerabilities Without Patching

As every responsible company does, we too scan our containerized applications for vulnerabilities before deploying them in production. In a recent scan, our security team found 56 high and critical vulnerabilities coming from container base-image and open-source components.


The Complete Guide to Prototype Pollution Vulnerabilities

Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.


More businesses lost larger sums of money to phone scams in past year

Fraudulent phone calls have been an issue for years, and they’re becoming more common. According to a recent report from Truecaller, 59.49 million Americans lost money to scam calls in the past year, costing $29.8 billion. These threats have risen in both number and cost, and businesses can’t afford to ignore this trend. Small and medium-sized businesses are popular targets for fraud, as they often have less security.


Implement a Multi-layered Ransomware Defense Strategy

Ransomware. Nearly every day, we learn about another major attack on companies such as JBS, Kaseya, and Quanta, a key supplier to Apple. Along with the increase in attacks, recent reports have shown the average ransomware recovery cost skyrocketed to $1.85 million this year. And, as companies have become more willing to accept attackers’ ransom demands to restore their mission-critical operations, the average ransomware payment has jumped to more than $170,000.


How to Reduce Noise and Fix Alert Fatigue in Security Operations [With Examples]

Have you ever noticed trees that are marked with spray paint? Now, I’m no tree spray paint marking expert, but it’s my understanding that different colors or symbols can signify different things, such as trees that need to be removed, are damaged but may survive, need to be treated, or are a danger to public utilities.


Shift even further left with blazing-fast Rapid Scan SAST

Why fixing software issues as you code matters and how Rapid Scan SAST can help. It’s common knowledge that fixing bugs early in the software development life cycle (SDLC) is much faster and less costly than doing it later. However, did you know that developers prefer finding and fixing bugs as they code rather than getting a list of identified issues even just one day later?


Preventing Data Exfiltration with eBPF

To keep your business secure, it is important not only to keep the hackers from getting in but also to keep your data from getting out. Even if a malicious actor gains access to the server, for example via an SSH session, it is vital to keep the data from being exfiltrated to an unauthorized location, such as IP addresses not under your organization’s control. In considering a solution to protect against data exfiltration, it is critical to note that one policy does not fit all.


How Orange Business Services is building a better SIEM with Elastic

I’m a security analyst at Orange Business Services in Paris, and one of my current projects for the Orange Group is implementing a new SIEM based on the Elastic Stack. In this blog post, I’ll share why we chose Elastic and how we were able to integrate Elastic into our existing SIEM, resulting in faster investigations and saving our engineers’ time. So follow along.


5 Key Cybersecurity Considerations for Insurance Companies

The connected nature of business environments has increased the severity and frequency of cyberattacks in the insurance sector. Insurance companies face a greater threat than most industries because they deal with sensitive and valuable data stemming from numerous avenues. This has resulted in several high-profile cyberattacks on insurance providers over the past few years.


Why Are Ransomware Attacks on the Rise?

Since the Colonial Pipeline incident in May 2021, the word “ransomware” has been circulating in public opinion and even in recent remarks from President Biden and law enforcement, along with warnings about how this type of advanced cyberattack on companies and individuals should be avoided.  But what exactly is ransomware? Why are we suddenly talking so much about it now?


What Is Supplier Risk Management?

The risks that threaten your vendors and contractors threaten your company as well. Every additional party added to your supply chain expands the scope of your risk and creates more opportunities for your compliance program to fail.  Some new suppliers may be reluctant to be fully transparent with you about their own risks and security measures. Nevertheless, it’s crucial that you work with your vendors to keep all potential threats at bay.


New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year. If passed, the bill could require certain U.S.


IT/OT Convergence or IT/OT Integration?

IT/OT convergence is an oft-repeated term, and maybe it’s the wrong term. From a technology standpoint, IT/OT convergence has been occurring since at least the 1990s when HMI/Operator Stations began running on Windows and when Ethernet began displacing deterministic custom LAN protocols in the OT realm. This technology convergence has continued with networking, cybersecurity, virtualization, edge, zero trust, etc.


What is Wireshark? The Free Network Sniffing Tool

Wireshark is a free open source tool that analyzes network traffic in real-time for Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams. Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, and network analyzer).


What Is An Application Security Vulnerability and How Can It Hurt You?

A software bug, system flaw, security gap—these are all terms you may have heard in the world of application security (AppSec). Yes, they all mean slightly different things, but the reality is each one can lead to a vulnerability—which translates into a weakness that can be exploited to compromise the security of an application.


Improve Data Governance for GxP-Compliant Repositories

The need to employ data governance over sprawling repositories is essential in any industry, but it is especially important for the life sciences. The amount and types of data produced are not easily reviewed and organized. The value and sensitivity of the data makes it a lucrative target for cyber attacks. Egnyte’s data governance features give you more control over your data integrity, data privacy, and data security policies across a multitude of public cloud repositories.


Four steps for hardening Amazon EKS security

In the first part of this blog series, we explored deploying Amazon EKS with Terraform, and looked at how to secure the initial RBAC implementation along with securing the Instance Metadata Service. In this second post, we’ll look at more best practices to harden Amazon EKS security, including the importance of dedicated continuous delivery IAM roles, multi-account architecture for Amazon EKS cluster isolation, and how to encrypt your secrets in the control plane.


Pegasus spyware slipping into mobile devices unnoticed. Time to take mobile security seriously.

An investigation titled the Pegasus Project by 17 media organizations and Amnesty International’s Security Lab uncovered that surveillance software from NSO Group purportedly used by governments to target criminal and terror suspects is actively being utilized to target journalists, activists and dissidents. As a result, the security industry has dubbed this, the Pegasus Spyware, which bears a remarkably similar resemblance to the recent spyware activity surrounding FinSpy.


How to Ensure HIPAA Compliance Using Employee Monitoring In a Post-COVID-19 Healthcare Landscape

The recent pandemic pushed medical facilities and staff to the brink, taxing resources, exhausting employees, and disrupting decades of norms and protocols. It also accelerated technological trends that were quickly becoming popular, namely the centrality of technology and data in patient care. Today, many medical practices are digital-first operations, embracing telehealth and remote work at far greater levels than before the pandemic.


What is SOAR? And how does it improve threat detection and remediation?

SOAR (Security Orchestration, Automation and Response) refers to the convergence of three distinct technology markets: security orchestration and automation, security incident response platforms (SIRP) and threat intelligence platforms (TIP). SOAR technologies enable organisations to collect and aggregate vast amounts of security data and alerts from a wide range of sources.


Setting the cyberscene: Leading with a security first mindset

Our current global landscape is testing resiliency. As organizations continue to shift to a remote work business model, the rush to digitally transform has created new and heightened cyber risk concerns. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate. In this blog, we will look to set the cyberscene and focus on a security first mindset.


Last (Executive) Orders Please: Supply Chains, Policy and Modernising Cybersecurity

An EO is a written, signed, and published directive from the President that manages operations of the federal government, and although some EO’s require legislative approval, they effectively become law. It comes on the back of several high profile incidents involving Microsoft (Exchange), SolarWinds and the recent Colonial Pipeline incident. It is seen as a much-needed step to modernise and protect federal networks and improve information sharing between the private and US government.


What is a SIEM, And Why Should You Have One?

SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified, holistic view of your infrastructure.


How Devo Is Working with Google Cloud IDS to Deliver Greater SOC Visibility with Integrated Security Tools

As the only cloud-native logging and security analytics platform that enables organizations to take full advantage of all of their data to run and secure their business, Devo is committed to working with other leading security technology providers to bring advanced capabilities to our customers. That’s why we’re pleased to announce an integration with Google Cloud IDS.


Are You Prepared for the Surge in Ransomware?

Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis.


OPA, Styra and Terraform: protect your cloud investment

The shift to cloud-native has transformed the way organizations do business, keep up with the competition and meet the demands of customer expectations. From the infrastructure that maintains IT operations to the applications that supply customers with the ability to interact with their data, the velocity in which DevOps teams have to deliver these services has significantly increased, leaving little to no room for error.


How Snyk is normalizing authentication strategies with Gloo Edge

Snyk supports multiple authentication (authN) strategies on its APIs. Historically, API keys have been the primary form of authN, but more recently we introduced support for authN using signed JWTs produced as a result of an OAuth integration. This is currently in use by both our AWS CodePipeline and Bitbucket integrations. In the beginning, Snyk began with a hub and spoke architecture with a central monolith making authN decisions.


Rezilion Wins Globee in the 6th Annual 2021 American Best in Business Awards

Rezilion Named Winner in the 6th Annual 2021 American Best in Business Rezilion announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named Rezilion Prioritize, a winner in the 6th Annual 2021 American Best in Business Awards. The American Best in Business Awards are open to all organizations with at least one or more offices in the United States of America. All organizations operating in the U.S.A.


CrowdStrike and Siemplify: SOARing with the Falcon is Now Easier Than Ever

Combining security orchestration, automation and response (SOAR) and endpoint detection and response (EDR) is a no-brainer. CrowdStrike has been the greatest evangelist of the 1-10-60 security benchmark (that’s one minute to detect a breach, 10 minutes to triage it, and 60 minutes to contain it), and with most companies falling considerably short of this benchmark, automation and orchestration can bring you that much closer.


When DevOps as a Service Meets Security

DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing and maintaining DevOps tools and infrastructure, policies and processes are handled centrally, much of it automated, by a specialist team and provided – as a service – to all the development teams across the organization.


July 2021 Netskope Cloud and Threat Report

The July 2021 Netskope Cloud and Threat Report is the latest installment of our research analyzing critical trends in enterprise cloud use, cloud-enabled threats, and cloud data transfers.  Enterprise cloud usage continues to rise, driven by collaboration and consumer apps, a continuation of a trend that started at the beginning of the COVID-19 pandemic and continues through today, as 70% of users on the Netskope Security Cloud continue to work remotely.  At the same time, attackers continu


Protect Yourself from Powerful Pegasus Spyware

Note from the author: This write-up is meant to provide an overview on Pegasus, why you should be concerned, how Lookout can help protect you and what actions security admins should take. For additional information, please read our full technical report. Lookout Customers: If you believe your organization or one of your employees has been compromised by Pegasus, please reach out to our support team immediately.


Is Microsoft Teams HIPAA Compliant?

Microsoft Teams, and subsequently Microsoft, likely need no introduction. The popular collaboration tool launched in 2016, providing organizations with a powerful way to communicate and share information within the Microsoft ecosystem. Tools like Teams have only become more important post-COVID with teams being hybrid, decentralized, and distributed.


OWASP Mobile Top 10 Security Vulnerabilities and Attack Prevention

Far from the days of just phone calls and text messages, mobile apps have captured our attention with efficient experiences that keep us connected to friends, family members, coworkers. It’s all at your fingertips via these amazing apps- anywhere in the world! This blog post takes you through the OWASP mobile top 10 security risks, attack scenarios from OWASP and risk remediations that help cybercriminals get their hands on sensitive data.


Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation

Today, we announced that Sysdig is acquiring Apolicy to enable our customers to secure their infrastructure as code. I could not be more excited because the innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows that close the gap from source to production.

Celebrating 25 Years

WatchGuard is celebrating our 25th anniversary in 2021! From our early days in Seattle’s Pioneer Square to a team of more than 1,200 today, our outstanding employees and culture have fueled our success. WatchGuardians past and present have contributed their curiosity, humor, dedication, teamwork, and customer focus to building a cybersecurity platform that simplifies every aspect of security delivery. It’s been a fantastic journey! We’ve gathered photos from decades past and interviewed a wonderful group of our colleagues to create this look back on 25 years of our history. Thank you to employees, partners, and customers, both past and present. We wouldn’t have made it here without you!

What is Digital Risk Protection (DRP)?

Technology is always changing, and as it does, businesses are constantly adopting new technologies to streamline their business processes and improve deliveries of goods and services. With those new technologies, however, comes risk. Every new technology opens up a business to digital threats. Sometimes those threats come from the untested nature of leading-edge technology, and sometimes those threats are simply associated with the learning curve of users within an organization.


Top 5 NCSC Cloud Security Principles for Compliance

There are many important factors to consider when choosing a cloud provider for your cloud use cases. For organizations in heavily regulated industries, compliance with relevant regulations is one of the most important things to think about. Whether you’re planning for a single cloud workload or a hybrid multi-cloud setup, maintaining compliance for sensitive data in the cloud is imperative.


CISO Interview Series: How Aiming for the Sky Can Help Keep Your Organization Secure

Organizations need the right internal personnel like a CISO to keep their systems and data secure. But what kind of skills do these leaders need? And how should they guide their employers in a way that doesn’t overlook the evolving threat landscape? To find out, I spoke decided to speak with Goher Mohammad. Goher is the Group Head of Information Security (CSO) for L&Q. He has held that position there for just under three years.


What is UPnP? Yes, it's still dangerous in 2021

UPnP (Universal Plug and Play) is a service that allows devices on the same local network to discover each other and automatically connect through standard networking protocols (such as TCP/IP HTTP, and DHCP). Some examples of UPnP devices are printers, gaming consoles, WiFi devices, IP cameras, routers, mobile devices, and Smart TVs. UPnP can also modify router settings to open ports into a firewall to facilitate the connection of devices outside of a network.


Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.


ICYM: 4 lessons for securing codebases from secrets exfiltration

Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

Encryption in the Enterprise: What gets encrypted

In this webinar cut, we are going to review what kind of data should get #encrypted in the #enterprise. 👨‍💼 About the Speaker Bozhidar Bozhanov is co-founder and CEO at LogSentinel. He is a senior software engineer and solution architect with over 10 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He is one of the top-ranked users in Stack Overflow and his tech blog is recognized as one of the top Java developers blogs by international online media.

What is Data Leakage? Data Leak Prevention Tips

Data leaks can happen in many ways, and they’re surprisingly common. For example, a company might be hacked by cybercriminals; someone may lose their laptop with sensitive information; employee records could get lost during the relocation process. It doesn’t take much for sensitive information to get into the wrong hands. In fact, research has found that more than half of all data leakages come from human errors like typos and lost files.


Why you should upgrade to Maven version 3.8.1

If you are working in the Java ecosystem and building your applications with an older Maven version, this message is for you. Check your Maven version by typing mvn -version! If you are still running on an old Maven version like 3.6.3 or below you definitely need to upgrade to version 3.8.1 because of security reasons. Be aware that to run Maven 3.8.1, Java 7 is required. Luckily we found out in the JVM Ecosystem report 2021 that not many people work with Java 6 or below.


Physical Penetration Testing: Top 8 attack methods and tools (2021)

Physical penetration tests are meant to simulate real-world scenarios to help assess the vulnerabilities and risks that could compromise a company’s physical security. Specialists often carry them out in this field who know how to access sensitive information, bypass controls, intercept network traffic and EM waves and more! Physical penetration testing is a vital part of any company’s security.


What Are Supplier Management KPIs?

Key performance indicators (KPIs) are how organizations measure success. Supplier management KPIs assure that value is received for the money spent with suppliers and vendors while keeping one eye on cost savings. When evaluating your organization’s supply chain, you can review several areas, such as: Supplier management across the entire lifecycle can be difficult because of the sheer number of vendors and suppliers a corporate organization typically uses.


The NIST Cybersecurity Framework: Security Checklist And Best Practices

The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.


Security measures for data protection

All of us take our personal security very seriously – after all, when was the last time you left your house without locking your front door? Sadly the same can’t be said for the care we take about our personal data – both our own, and that of other people. But personal data is an integral and unignorable fact of life, and we need to ensure we’re taking care of it in both our personal and professional lives.


Synopsys Defensics R&D team places second in 5G Cyber Security Hack 2021 event

The Synopsys Defensics R&D team put the Defensics fuzz testing tool to the test in the 5G Cyber Security Hack event and placed second in the competition. Finnish transport and communications agency Traficom, together with challenge partners Aalto University, Cisco, Ericson, Nokia, and PwC, organized the 5G Cyber Security Hack, which was held June 18 to 20, 2021.


Prevent secrets, credentials, and PII leaking in application logs with the Nightfall Developer Platform

Infosec leaders have a lot of corners to cover in their cybersecurity strategy. When crafting the tactics and onboarding the platforms that will protect sensitive information, the checklist of requirements could be missing a very important vector for attack, compliance risk or data loss: application logs.


Preventing data loss in data warehouses with the Nightfall Developer Platform

Data warehouses power your data analysis and business intelligence operations so you can level up your knowledge and progress toward bigger business goals. Like any key component of your tech stack, using data warehouses effectively also requires care and caution — especially when uploading and sharing sensitive information.


SQL Injections: Is There a Way for Real-Time Tracking and Prevention?

SQL injection (SQLi) is one of the most common code-injection techniques used to get information from one’s database. Generally speaking, this is malicious code placing in one’s database via a page input, most often a registration form. SQL injection usually occurs when you ask a user for input, like their username/user ID, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.


SAP Security Monitoring and Why Is It Important

Security is a key element required by any enterprise technology for ensuring business success and growth as well as trust in their buyers. But where to start in setting up a security posture in your SAP environment? As a security specialist, you know your customers are usually only a click away from your services and products. Your clients might only notice technical deficiencies and will not get into detail about the security aspects of all the systems you use.


Netskope Enhances Its Leadership Position in Latin America

Netskope recently announced that we have closed a new round of financing of 300 million dollars, which was led by ICONIQ Capital and a group of existing investors, including Base Partners, a technology-focused expansion capital investment firm based in São Paulo, Brazil. Following this over-subscribed round of funding, Netskope achieves a post-payment valuation of $ 7.5 billion.


How to Establish a Culture of Secure DevOps

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.


How to Set and Manage Active Directory Password Policy

With cyberattacks exploding around the world, it’s more important than ever for organizations to have a robust password policy. Hackers often gain access to corporate networks through legitimate user or admin credentials, leading to security incidents and compliance failures. In this article, we will explore how to create and maintain a strong and effective Active Directory password policy.


Appknox Webinar: Secure Coding Practices to Prevent Vulnerabilities in SDLC

Continuing on the successful webinar journey, last week Appknox hosted a webinar on "Secure Coding Practices to Prevent Vulnerabilities in SDLC." Focusing on secure coding best practices, our experts busted several myths and misconceptions regarding mobile app security in the webinar and highlighted several client-side misconfigurations which generally go unnoticed by the app developers.


Taking the Pain Out of Vendor Risk Assessments

Supply chains are an essential part of today’s on-demand economy. However, they also expand your ecosystem, increasing the threat surface that you need to secure. While compliance assessments document vendor controls and enable you to manage third-party risk, responding to and completing them takes time. These delays can make your procurement team feel like you’re trying to disqualify their vendor.


How Packages' External Resources Threaten Your Supply Chain

Many developers already know that in some ecosystems, open source dependencies might run their custom code from packages when they are being installed. While this capability can be used for both good and evil, today we’ll focus on a legit use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.


US offers $10 million reward in hunt for state-sponsored ransomware attackers

The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure. The news of the reward comes at the same time as the White House announced it was setting up a ransomware task force following a series of high-profile attacks in the United States.

Outpost24 and Secure Code Warrior integration

Added links in Outpost24 Scale DAST tool to Secure Code Warrior for findings with a CWE. Where an Appsec finding is linked to a CWE we have introduced direct links to Secure Code Warrior eLearning training platform. This gives users the ability to understand what the vulnerability is and more importantly how to address these findings within their development process. Customers do not have to be customers of Secure Code Warrior (SCW) to enjoy the learning modules presented, though customers who are SCW customers may get further insights as well as tracking scores and other metrics.

Learn How Powerful Metrics Can Help You Manage AppSec Tools and Risk

Bugs and flaws in software are common and unavoidable. In fact, about 84%[1] of software breaches happen at the application layer, which means organizations looking to build secure software must use at least a handful of application security (AppSec) scanning tools to test their code—from code commit to build to deployment.

Protect Your Retail Supply Chain Against Cyber Attacks

The consumer goods and retail industry stores customer data in various digital platforms across multiple third-party vendors. This environment is perfect for cybercriminals to look for weak points to gain access to valuable customer data. Oftentimes, cybersecurity teams are focused too much on securing their own organization from the outside. As hacker techniques become more widespread and sophisticated, organizations must be able to see not only their own security posture but also their third parties’ from the viewpoint of the hackers’. What do hackers see and where are the weak points?

Sitdown with a SOC Star: 13 Questions With Axel Schulz of the University of Toronto

Today we are joined by Axel Schulz, who, like a few others who have graced the “Sitdown With a SOC Star” series space, did not enter the security operations field in a traditional way. And he wants to scream that fact from the rooftops, as it just may encourage others to not overthink their previous experience and eventually help close the incontrovertible talent deficit facing the industry. He’s also fanatic about threat detection & response, playbooks and bicycling.


How to Build Your Cyber Crystal Ball Using Step-by-Step, Systematically Modeled Threats

2020 was a tough year. As security leaders, we faced new challenges in protecting applications and users who were shifting rapidly off-premises and into the cloud, and our security teams’ workloads grew at an unprecedented rate. In 2021 and 2022, CISOs need to prioritize ensuring that we’re focused on the right things.


The Global Real-Time Payments Evolution

In June, our team participated in The 2021 Payments Canada Summit, Canada’s premier payments conference. One of the main topics raised at The SUMMIT was the future of payments: why real-time payments (RTP) will be a game-changer for Canadians and the financial industry. The trend towards instant and faster payments is a global one. While Real-time Rail (RTR) is expected to go live in Canada in 2022, other regions have been using RTP for several years.


Devoxx4Kids: Empowering young Java developers and creating future industry stars

Recently, we released the JVM Ecosystem Report 2021. This annual report is full of interesting facts about the current state of the Java ecosystem. If you haven’t seen it yet, you should give it a read. Don’t forget to download the full PDF for all the insightful information.


Demystifying the Hype Around XDR

Extended Detection and Response (XDR) has generated a lot of buzz recently with press, analysts, and even customers. There’s no denying that, at face value, its promise of reduced complexity and cost while increasing detection and response is alluring. As security teams look to modernize their security tooling, they’re also looking for solutions to some of their largest challenges. Is XDR the answer? What is XDR, exactly, and how do you determine if it’s right for your organization?


Accelerate Hybrid Threat Protection Using Sumo Logic Cloud SIEM powered by AWS

It has been off to the races for the Sumo Logic and AWS teams since the general availability of the Sumo Logic Cloud SIEM powered by AWS solution on June 1, 2021. We are excited for the overwhelming response from customers from across all segments, industries and geographies.


ManageEngine recognized in 2021 Gartner Magic Quadrant for Security Information and Event Management for the fifth time!

Today, we’re excited to announce that ManageEngine has been recognized in 2021 Gartner Magic Quadrant for security information and event management (SIEM) for the fifth consecutive time. We are thrilled to be awarded this recognition yet again for our contribution to the world of cybersecurity. “Most enterprises were not prepared for the widespread changes in work environments following the COVID-19 pandemic.


Meaningful security metrics

Security metrics are vital for you as a security leader to track the progress of your security program and have effective risk-focused conversations with business and operations stakeholders. Security metrics pave the way for security initiatives, facilitate resource, help communicate resource allocation and help communicate results with relevant stakeholders throughout the organization.


What is Zero Trust Architecture? 9 Steps to Implementation

As more companies migrate to the cloud, the way that companies protect data changes as well. In a traditional on-premises network architecture, companies were able to follow the “trust but verify” philosophy. However, protecting cloud data needs to take the “never trust always verify” approach. Understanding what a Zero Trust Architecture is and how to implement one can help enhance security.


Growing Threat of DDoS Attacks by Extortionist Threat Actors

Kroll experts have noticed an increase in distributed denial of service (DDoS) attacks by cybercriminals seeking to turn a profit in two distinct incident types. First, many ransomware operators are now threatening and conducting DDoS attacks as an additional pressure tactic during the ransom negotiation process. Second, also known as ransom denial of service (RDoS), attackers threaten DDoS attacks that will take down an organization’s public-facing services unless a ransom is paid.


What is LDAP Injection? Various types with examples and attack prevention

LDAP is a way for organisations to store user credentials and use them later. It provides access control as well as mechanisms to read and modify data. If the LDAP server isn’t properly configured or secured with another layer of protection, then it could be vulnerable to an attack called LDAP injection. However, you can only protect your applications if you: 1) know what LDAP is and 2) understand what can go wrong with it.


Kaseya Ransomware Attack: How It Affects MSSPs and SMEs, and What to Do to Prevent It

A cybercrime organization with Russian origins called REvil claims to have infected 1 million systems across 17 countries. It is now demanding $ 70 million in bitcoins in exchange for a “universal decryptor” that will return users’ access. Hackers targeted the US IT company Kaseya, and then used that company’s software to infiltrate the victims’ systems, using a zero-day vulnerability.


Why API testing is critical for today's business applications

An application programming interface (API) enables communication and data exchange between two separate software systems. The application (or service) layer sits between the presentation and database layers and lays out the rules of how users can interact with services, data or functions of the application. API testing is a software testing practice that tests the functionality, reliability, performance and security of an API.


Tips for hardening your container image security strategy

In the first part of this blog series, we looked at security best practices for the base images which you might be using. But what happens to container image security when we add other things to it? Perhaps we’re installing additional software from upstream, and we’ve got custom applications of our own which might have their own dependencies also being installed.


Streamlining the SBOM: What You Need to Know for Software Bill of Materials Creation and Maintenance

The Biden administration recently passed an Executive Order in the wake of another string of costly and embarrassing cyber attacks. Executive Order 14028 Improving the Nation’s Cybersecurity includes many new initiatives designed to share cybersecurity intelligence, modernize federal infrastructure, and improve the traceability and integrity of applications that store and process vital information. The last provision, laid out in Sec.


Collect, Store, and Collaborate with Egnyte for Life Sciences

Modern drug discovery and clinical trials produce a volume of data that can quickly overwhelm local storage and bandwidth capacity. Sequencing data, scanned source files, biostatistical (SAS, R, SPSS) databases, and DICOM imaging are all hard to store and collaborate on, especially with a distributed workforce. Egnyte’s platform has been facilitating secure sharing of files for over a decade, accelerating the ability to collaborate without sacrificing security.


The Network Leader's Punch List for Returning to the Office

Over the last year and a half, we all went through the monumental disruption of having just about everyone work from remote locations. We strained VPN infrastructure and out of necessity split tunnels became the norm, not the exception. Even if it meant the users were a bit more exposed, you really had no choice, as Zoom/Webex/Teams meetings can eat up bandwidth like nobody’s business. But now the users are starting to come back into the office, what’s the big deal?


Key Takeaways for Developers From SOSS v11: Open Source Edition

Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.


Kroll 2021 data breach outlook: "under-attacked" industries feel the heat

Kroll’s 2021 Data Breach Outlook has identified a 140% increase in data breach notification cases from 2019 to 2020. Industries such as healthcare, education and financial services, which were the most impacted in 2019, continued to be hard hit in 2020 and, so far, in 2021 too. However, the greatest increases occurred in industries that were generally spared in 2019. Data attacks became broader and deeper during the COVID-19 pandemic, a trend that has continued throughout the recovery.


What are Product Security Incident Response Team (PSIRT) Best Practices?

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135. Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the small fix until the next release, more than 6 months later.


What are Advanced Persistent Threats (APT attacks)

An Advanced Persistent Threat is a sophisticated (rarely) multi-staged attack carried out by skilled and well-organised threat actors such as organised cybercrime syndicates and nation-state actors. The majority of the times, Advanced Persistent Threats (APT) are nothing more than a fancy name with much more media frenzy around the topic of cyber attacks.


Report: Data Management Trends in Life Sciences

Organizations in the life sciences industry need to maintain regulated data in compliance with a number of global data privacy laws. Ideally, compliance is automatically ensured, and data is easily categorized. But we all know that this is not always the case in a decentralized, dynamic environment. So, how are the leading biotechs efficiently and securely managing collaboration and data?


It's All Fun and Games Until You Get Breached - Tackling Security Challenges in the Remote Work Reality

From healthcare to education to critical infrastructure, nobody seems to be safe from cyber attacks. Not even video game creators. News broke in early June that video game giant Electronic Arts was one of the latest victims of a major breach. At first glance, this is just another story of hackers breaking into a victim and finding their way to a sizable pay day. Nothing new here. Plenty of attacks happen every week, right? However it was the way that the attackers got in that was interesting.


Protecting the Supply Chain in COVID-19

Supply chain cybersecurity is important at all times, but arguably even more so during the COVID-19 crisis. If a hack compromises the speedy delivery of vaccines, medical equipment, or drugs used to treat people suffering from the virus, everyone involved could face devastating consequences. Here are some proactive steps people can take to keep their sensitive supply chain data safe.


Are Sports Organizations Safe from Cyber Threats?

Since we live in a digital world where data has surpassed the value of oil and became the most valuable resource in the world, we start to question our digital security. Data has become more accessible for hackers, which results in a constant increase of cyber-attacks over the years. Most industries function digitally, so cyber-attacks are present everywhere, including sport organizations.


What's next for the National Cyber Director?

As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cybersecurity posture of the U.S. As I mentioned in my previous post, Chris Inglis is perfectly positioned to establish the cybersecurity battle rhythm for our nation.


Best practices for a secure ecommerce website

Ecommerce is a popular business model. Many people are getting into this business and looking for ways to secure early retirement from typical 9 to 5 jobs. With the right ideas and execution, there is a good chance that this will happen, but making it in eCommerce isn’t that easy as it was in the past. Yes, there are more options than ever in terms of delivery, logistics, storage, and creating an online store.


Advanced Kubernetes Pod to Node Scheduling

In Kubernetes, the task of scheduling pods to specific nodes in the cluster is handled by the kube-scheduler. The default behavior of this component is to filter nodes based on the resource requests and limits of each container in the created pod. Feasible nodes are then scored to find the best candidate for the pod placement. In many scenarios, scheduling pods based on resource constraints is a desired behavior.


GLBA Compliance Checklist: Keeping Financial Data Safe And Secure

GLBA compliance isn’t something to take lightly. These measures are strictly enforced by the Federal Trade Commission (FTC). In 2018, for instance, Venmo and its parent company PayPal reached a settlement after complaints about the company’s handling of privacy disclosures. The peer-to-peer payment app had 150 days to adhere to GLBA compliance, or it faced fines of up $41,484 per violation.


ThreatQ Data Exchange Unlocks the Value of Industry Threat Intelligence Sharing

There’s no doubt that an analyst’s ability to efficiently share curated threat intelligence has a significant impact on the success of their organization’s overall security operations. In fact, this capability is so important that removing barriers to sharing threat information is the first requirement outlined in the Executive Order issued by the White House on May 12, 2021.


Don't Let Attackers Crumble Your Cookies: Electronic Arts Breach Lessons

Leading American video game company Electronic Arts (EA) recently disclosed a breach that resulted in the theft of hundreds of gigabytes of data. The exfiltrated information included source code and software that power popular games like FIFA and Battlefield. What’s notable about this attack is that the attackers gained access to EA’s infrastructure through stolen Slack cookies that contained cached employee login credentials.


Managing Node.js Docker images in GitHub Packages using GitHub Actions

If you’re doing open source development today, chances are high that you’re active within the GitHub community — participating in open source projects and their repositories. A recent addition to the GitHub ecosystem is GitHub Packages, which was announced back in 2019 and is now receiving even more updates with the general availability of the GitHub Packages container registry.


Intelligent Orchestration and Code Dx: Security superheroes

Building security into DevOps has its challenges. Address them with a modern approach to AppSec using Intelligent Orchestration and Code Dx. As a kid, I was fascinated by superheroes like Spider-Man and Superman, and now as an adult I enjoy watching Wonder Woman. There is something about these movies—all the superheroes are unseen and come to the rescue at the right time, and once they have helped, they just disappear without even taking any credit.


SANS 2021 Report: Top Skills Analysts Need to Master

Organizations are steadily investing in and improving their security operations, leading to an unprecedented demand for security-related roles and skills. According to the U.S. Bureau of Labor Statistics, it is expected that information security analyst jobs will increase 31% from 2019 to 2029. With this, analysts are expected to be masters of the craft, or "all-around defenders." In this report, you will learn: Learn the skills security analysts need to master to make them successful by downloading the report.

SANS 2021 Cyber Threat Intelligence Survey Report:

The past year has been filled with changes to almost every aspect of daily life, and cyber threat intelligence (CTI) work did not go untouched. CTI is analyzed information about the capabilities, opportunities, and intent of adversaries conducting cyber operations. Adversaries tend to operate in and across digital networks and equipment that shape and impact businesses, critical infrastructure, and people's daily lives. Even with the difficulties that 2020 brought, CTI work has continued to grow and mature.

6 Strategies for Cybersecurity Risk Mitigation

This past year saw nearly a 300% increase in reported cybercrimes, according to the FBI’s Internet Crime Complaint Center (IC3). There has been a clear rise in threat volume and sophistication as many cybercriminals shift to techniques that can effectively evade detection and easily go after high-value targets. IoT devices are becoming a focus for threat actors, and threats related to credential harvesting and ransomware are also growing in number.


Cloud Security Best Practices: Four Tips for Moving Security Technologies to the Cloud

In my previous post, I discussed cloud-computing security challenges identified in our new report, Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits. Based on a survey conducted by Enterprise Strategy Group (ESG), the report found that while cloud computing does initially introduce security challenges and increased complexity, it’s worth it in the end. That said, CISOs need to strategically invest time and resources to achieve better security outcomes.


Reciprocity Expands Partner Program

New IT Distribution Partner to Enable Simplified Support for VARs SAN FRANCISCO – July 12, 2021 – Reciprocity, a leader in information security risk and compliance, today announced it has expanded the Reciprocity® Partner Program to now enable InfoSec solution providers and Value Added Resellers (VARs) to develop and deliver innovative products and services supported by the award-winning ZenGRC® platform.


Critical Data Breach Stats for Australian Businesses in 2021

If you're an Australian business reading this, there's a 30% chance you will suffer a data breach. Such cutthroat statistics, as uncomfortable as they are to read, are important to be aware of if you want to avoid becoming one. To help you achieve a data-driven approach to cybersecurity, we've aggregated some of the most critical data breach stats for Australian businesses. This list also includes global data breach statistics that could be a window into Australia's future modified threat landscape.

Kaseya Ransomware Attack: How Did It Affect the MSSPs And What To Do To Prevent The Risk?

Kaseya #Ransomware Attack A #cybercrime organization with Russian origins called #REvil claims to have infected 1 million systems across 17 countries. It is now demanding $ 70 million in bitcoins in exchange for a "universal decryptor" that will return users’ access. Hackers targeted the US IT company #Kaseya, and then used that company’s software to infiltrate the victims’ systems, using a zero-day vulnerability.

Top 5 high severity CVEs detected by Detectify since June 2020

We’re going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings “from the streets” – even actively exploited vulnerabilities for which there aren’t yet any official vendor patches or updates.


Reduce open source software risks in your supply chain

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain Modern open source software (OSS) is a movement that started in the eighties as a reaction to commercial software becoming more closed and protected. It allowed academics, researchers, and hobbyists to access source code that they could reuse, modify, and distribute openly.


The Identity Brief: Why Going Passwordless is Even More Important Than You Think

Earlier this year, the ForgeRock Communications team came to me with the idea of doing a podcast. There are other Digital Identity centric podcasts already out there, so I wanted to figure out a way to make this one different and engaging. It starts with my co-host Fraser Wallace. We often joke that Fraser is the face of ForgeRock - he seems to be everywhere! When he’s not on stage hosting Identity Live, he’s behind the camera producing our awesome video content.

Empower Your Data Governance

Learn how Egnyte protects your organization’s sensitive content from vulnerabilities that can stifle your productivity, including Insider Threats, Ransomware and Data Breaches. You’ll also find out how Egnyte can help you to maximize your GDPR, CCPA, GxP and HIPAA compliance initiatives. To gain visibility into your sensitive content, sign up for Egnyte’s complimentary Data X-Ray today: pages.egnyte.com/Schedule-Complimentary-Data-X-Ray.html


This is a guest blog post from Shuo Yang in his blog series “Transitioning to Programming the Cloud”, as a part of our blog posts focusing on Identity, Security and Access. We talked about how AWS CIP, STS and IAM can serve as the foundation of application authorization in our last post, i.e., how the application gets the temporary credential representing a specific role (i.e.


Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack

Since last week, I’ve been speaking with Splunk customers and our own team about the cyberattacks impacting the Kaseya software platform. While Splunk was not impacted by the ransomware attack, as a security leader we want to help the industry by providing tools, guidance and support. It’s critical that we work together as a community to counter cybersecurity threats and share information about events like these.

Featured Post

Measuring security for cloud native applications

Modern cloud-native applications - and the DevSecOps culture and practices used to manage them - introduce a fresh layer of challenges to the already thorny topic of security measurement. Historically, security has been typically measured on a regular but intermittent basis, at particular points in time. However, the pace of change at modern, cloud-native organisations, who've implemented DevSecOps and/or CI/CD, is relentless. Many deployments might be made in a single day, and the security posture of businesses might thus change dramatically over that time.
Featured Post

Remote possibility: how to help remote staff achieve better work-life balance

The Covid-19 pandemic has dramatically altered working experiences and what we consider to be normal. Almost every industry has been affected and businesses were forced to scramble to find ways of operating at such a difficult time. Things have begun to improve, and we may be through the worst of the pandemic, but it has had a lingering effect.