Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Netskope and Google Chrome Enterprise: Driving Better Context for Securing Data

When defining security policies, it is critical to know who the user is and what their privileges should be based on their role, and whether the device itself or the state of the device at the time of connection is in a known good state.

SnykWeek Boston: Perspectives on developer security adoption

During SnykWeek Boston, Simon Maple (Field CTO, Snyk) led a panel discussion about developer adoption of application security. The panelists included: Want the TL;DR? Here are some of our favorite takeaways: Read on to dive deeper into these illuminating insights around organizing security teams, setting security goals, empowering developers, improving compliance, and much more.

What Is PCI Compliance?

Whether you’re a startup, an e-commerce company, or a large corporation, as long as you handle credit card transactions, you need to be aware of and comply with the Payment Card Industry Data Security Standard (PCI DSS). As online commerce and online payment technology continue to grow, they need to be accompanied by new rules and regulations to make sure that both the business and the customers are safe and secure.

OPA Design Patterns: Offline Configuration Authorization

An OPA design pattern, as detailed in a previous post, gives you an architectural solution to solve one or more common policy problems. In this blog post, we describe what we call the Offline Configuration Authorization design pattern for OPA. Remember that each OPA design patterns covers the following information.

4 Tips for an Airtight Kubernetes Security Policy

Kubernetes powers significant automation capabilities for developers in deploying, managing, scaling, and ensuring the availability of containerized apps. Data from 2021 shows that adoption continues to rise with over 5.6 million developers now using the industry’s favored container orchestration engine. However, Kubernetes and containerization introduce new complexities that pose unique security challenges.

From WhiteSource to Mend-A Rebrand Journey

How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision, spirit, and ethos of who we are and what we are trying to accomplish—the strategy, technology, and culture all rolled into one. It needs to be crisp, memorable, and legally acquirable. Guess what? It is harder than it looks…

How Defenders Can Hunt for Malicious JScript Executions: A Perspective from OverWatch Elite

An adversary’s ability to live off the land — relying on the operating system’s built-in tooling and user-installed legitimate software rather than tooling that must be brought in — may allow them to navigate through a victim organization’s network relatively undetected. CrowdStrike Falcon OverWatch™ threat hunters are acutely aware of adversaries’ love of these living off the land binaries (LOLBins) and build their hunts accordingly.

Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices

AT&T Alien Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, Alien Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers.

Two-Factor Authentication, App Productivity & Admin Logs (v7.0.1)

CurrentWare version 7.0.1 is here! With this release we’re excited to announce the introduction of two key security features: Two-factor authentication (2FA) and our first two admin activity logs! These enhancements provide an extra layer of security to help ensure that only trusted operators are accessing your admin console while providing greater visibility into what they are doing within the CurrentWare Suite.