Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Weekly Cyber Security News 05/10/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Development frameworks are wonderful, can’t disagree there, they do make life easier by taking away tedious process. Obviously their increased complexity in hiding this tedium from the dev means debugging can be tricky at times. So they often included some quite revealing debug modes that can help…. Only that they really are for the eyes of the dev and not the public.

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.

Don't Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting customer experience. This is a best practice approach that maintains high levels of system stability, uptime and security. These “non-production”, or test environments should ideally be completely disconnected from production environments to prevent security incidents and bugs.

Sales Play Book - Value Proposition

Today’s email attacks (ransomware, business email compromise, and sandbox evasion) have evolved, and are outpacing the tools developed to combat them. While they may help with some aspects of email security or stop some attacks, they don’t solve the whole problem and attacks need only succeed once to seriously harm people, data, and brands. Partial security is not security.

Observability and Visibility in DevSecOps

Companies often turn to software as a solution when they need to solve a problem. Whether it’s to automate or enhance a task, or gain valuable information in an easily consumable fashion. The same is true for security teams on both sides of the red and blue line. Security professionals build tools to automate exploitation, detect attacks, or process large amounts of data into a usable form.

Why Your SOC Needs More Than a SIEM Tool

Cybercrime is becoming more sophisticated by the day. Meanwhile, the price for a breach due to damage and disruption, ransom payments and regulatory fines, is increasing. No wonder there’s more of a need than ever for companies to set up a dedicated SOC using SIEM to identify threats and raise the alarm. But is that enough to fight the hackers?

Exposing the common flaws penetration testers always see

We live in an age where cyber security threats are (or at least should be) at the forefront of everyone’s mind. Very recently, British Airways suffered a huge security breach that led to over 300,000 payment cards being compromised, showing that even the big players can still get hacked if they’re not 100% vigilant.