Supply chain attacks have been on the rise in the last few years, rapidly becoming one of the most dangerous security threats. This article highlights some of the most noteworthy supply chain incidents observed in 2022.
Nowadays, organizations are exposed to a high volume of security related information. Unfortunately, most of these organizations have little to no capabilities of using this information in a proactive manner, i.e. using information to try to change or anticipate an outcome. In other words, using information to produce intelligence products. It is safe to say that few of these organizations have a clear understanding of what Cyber Threat Intelligence (CTI) is and what it is not.
Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.
Bots make up more than 42% of all internet traffic — so there’s a good chance bots are regularly visiting your website. While some bots are good, most are malicious, and are designed to cause problems for you and your site users. Many businesses try to protect themselves from bad bots by blocking users from certain locations. This tactic assumes users from far-flung destinations are probably bots.
In today’s rapidly evolving cyber risk landscape, a resilient and trusted digital ecosystem is possible with an agile security program. Cyber resiliency is the ability to respond to and recover from a cybersecurity incident effectively. A record high 71% of organizations were victimized by a ransomware attack in 2022. Even more concerning is that Gartner estimates that 80% of organizations have no knowledge or awareness of their attack surface.
Deep within data lies stories that can help businesses of all shapes and sizes see hidden detail – and act on it. Take a US healthcare provider, for example, who came to us with a pressing issue: the greatest cause of its patient dissatisfaction was due to waiting times. When were the longest peaks? Where was the epicenter of the backlog? And once this was known, what targeted processes could be introduced to speed things up?
The majority of today's web applications contain dangerous vulnerabilities. To analyze their security, one cannot do without a dynamic scanner. DAST (Dynamic Application Security Testing) tools allow you to detect and evaluate security problems quickly. Let me tell you what to look for when choosing such a tool.
Last year the Log4J vulnerability perfectly illustrated how properly shared SBOMs would have helped users find and mitigate the “vulnerability of the decade”. And over the last few days we’ve been worried that we’re in the same place with OpenSSL 3.x. Why will this keep on happening? A lot has happened since The White House issued Executive Order 14028.
In this episode of the Future of Security Operations, Thomas speaks with Andrew DiMichele, Director of Security Operations at Redis, whose background is building security operations programs. Andrew's security journey began in the US Air Force Reserves and has brought him to CISCO, banking, IBM, and Citrix.
