
All Articles

Why You Need Application Security Testing for Business-Critical Applications: Part 4

Blog Published: 08/08/2022

Originally published by Onapsis here. This blog series discusses the importance of building secure business-critical applications with application security testing. In the final blog in this series, we discuss how vulnerabilities in custom code and transports can lead to security and compliance i...

Are Ransomware Attackers Ever Caught?

Blog Published: 08/05/2022

Originally published by ShardSecure here. The growing threat of ransomware Ransomware has become a major concern for individuals, small businesses, major corporations, and the public sector alike. With recent high-profile victims ranging from oil and gas pipelines to software companies, public he...

How To Build and Optimize Your Cybersecurity Program

Blog Published: 08/05/2022

Originally published by Axonius here. Written by Ronald Eddings, Axonius. Digital transformation has been a shock to the system for security teams — the attack landscape is ever-evolving, and organizations are constantly using new tech. From a security perspective, it can be hard to keep up. When ...

The Call Is Coming from Inside the House: Novel Exploit in VOIP Appliance

Blog Published: 08/04/2022

Originally published by CrowdStrike here. Written by Patrick Bennett, CrowdStrike. CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor’s entry point. The threat actor performed a novel remote code execution exploit on the...

An Overview of TDIR: Threat Detection and Incident Response

Blog Published: 08/04/2022

Originally published by Panther here. Today, countless solutions support threat detection. This is great news, but the market is saturated with different solutions and many different acronyms. One of the more recent acronyms to gain traction is threat detection and incident response (TDIR). This ...

Zero Trust for Cloud-Native Workloads

Blog Published: 08/04/2022

Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. There has been a huge uptick in microservices adoption in the data analytics domain, primarily aided by machine learning (ML) and artificial intelligence (AI) projects. Some of the reasons why containers are popular among...

Optimize Incident Response Plans with Smarter Security Tabletop Exercises

Blog Published: 08/03/2022

Originally published by CXO REvolutionaries here. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. Building your Blueprint for Incident Response Tabletop exercises (TTXs) are a great way to assess an organization’s incident response plan (IRP) for cybersecurity inci...

Cyber Considerations From the Conflict in Ukraine

Blog Published: 08/03/2022

Originally published by KPMG here. After months and weeks of tension, the Russian government’s invasion of Ukraine has elevated concerns for cyber security incidents and the resilience of critical business functions, amongst international organizations. Beyond protecting their employees and suppor...

Okta Customers Exposed to Risk of Password Theft and Impersonation in PassBleed Attacks

Blog Published: 08/02/2022

Originally published by Authomize here. Written by Gabriel Avner, Authomize. Authomize’s Security Research Lab has uncovered a set of inherent risks in the popular Identity Provider Okta that put users at risk of potential compromise and exploitation. According to Authomize’s CTO and Co-founder...

Draft Bill: American Data Privacy and Protection Act

Blog Published: 08/02/2022

Originally published by BigID here. Written by Jaclyn Wishnia, BigID. A draft of a bipartisan federal comprehensive privacy bill was published on Friday, June 3rd. The proposed bill — entitled the “American Data Privacy and Protection Act”— would “provide consumers with foundational privacy right...

Troy Leach, Data Security and Standards Advocate, Joins Cloud Security Alliance as Chief Strategy Officer

Press Release Published: 08/02/2022

Leach will bring his expertise to bear through on external engagements, corporate initiatives SEATTLE – Aug. 2, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

The New Kubernetes Gateway API and Its Use Cases

Blog Published: 08/02/2022

Originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Despite being a large open-source and complex project, Kubernetes keeps on evolving at an impressive pace. Being at the center of various platforms and solutions, the biggest challenge for the Kubernetes pr...

When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO

Blog Published: 08/01/2022

Originally published by Schellman here. Written by Andy Rogers, Schellman. “I have a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a very well-equipped advisor/assessor for your FedRAMP boundary.” If you’ve seen the film Taken, you’ll know that...

The State of Remote Work Offboarding Security

Blog Published: 08/01/2022

Written by Marie Prokopets, Co-founder and COO, Nira. As companies switch to remote, distributed, and hybrid workforces, security risks related to offboarding have grown. When employees leave or change roles, organizations must protect their sensitive data from accidental or malicious data ex...

Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs

Blog Published: 07/30/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

166 Cybersecurity Statistics and Trends

Blog Published: 07/29/2022

Originally published by Varonis here. Written by Rob Sobers, Varonis. Cybersecurity is a day-to-day operation for many businesses. A lack of data protection, side effects of a global pandemic, and an increase in exploit sophistication have led to a huge incline in hacked and breached data from ...

Using the CSA STAR Program for Procurement

Blog Published: 07/29/2022

This blog was originally published by PivotPoint Security here. Among cloud service categories, Software as a Service (SaaS) offerings are not only the most numerous—up to a million providers worldwide—but also arguably the weakest on security. While infrastructure and platform providers are more ...

Should You Outsource or Manage Security In-House?

Blog Published: 07/29/2022

This blog was originally published by LogicHub here. Written by Willy Leichter, Chief Marketing Officer, LogicHub. Cybersecurity professionals Colin Henderson and Ray Espinoza share their take on in-house versus outsourced threat detection and response. Your in-house team has the context necessary t...

Can You See Me Now? Time to Shine a Light on the Huge Security Risk Posed by Your Shadow Data.

Blog Published: 07/28/2022

Originally published by Laminar here. Written by Karen Sung, Laminar. Shadow data is the largest threat to your data security that you don’t even know about. There is nothing that is growing faster in the cloud than data. It only takes one developer to leave an S3 bucket with user data open or lea...

Why Penetration Testing Is the First Step to Better Prepare for Hacks

Blog Published: 07/28/2022

Originally published by A-LIGN here. Written by Joseph Cortese, Technical Knowledge Leader and Research and Development Director, A-LIGN. The threat landscape is in a constant state of evolution. What may have been a best practice a year ago to help protect your organization against cyber threa...
