Latest News

How Much Does It Cost to Build a Security Operations Center (SOC)?

Having some form of a security operations center (SOC) to protect and secure your assets, applications, and infrastructure is no longer optional. As cyber criminals grow more sophisticated and modern complexities (remote work, the cloud, international operations) expand the attack surface, a SOC becomes a critical line of defense. It works proactively and reactively and can help an organization advance its security posture while dealing with immediate threats.

Lessons Learned About Secrets Protection After the Sisense Breach

Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensitive information they entrusted to Sisense may have been compromised and urged them to reset their passwords and rotate their secrets. According to KrebsOnSecurity, the attackers were allegedly able to access GitLab repositories hosted by Sisense, where hard-coded secrets may have been found.

Is Slack using your data to train their AI models? Here's what you need to know.

AI is everywhere—but how can you be sure that your data isn’t being used to train the AI models that power your favorite SaaS apps like Slack? This topic reached a fever pitch on Hacker News last week, when a flurry of Slack users vented their frustrations about the messaging app’s obtuse privacy policy. The main issue?

TruffleHog vs. Gitleaks: A Detailed Comparison of Secret Scanning Tools

TruffleHog and Gitleaks are popular secrets scanning tools that can automatically surface hardcoded secrets such as API keys, passwords, and tokens. They can both be integrated into the Software Development Lifecycle (SDLC) to proactively scan repositories to identify and rectify potential issues before they can be exploited. The need for effective secret detection tools underscores a broader shift toward more secure software development practices.

Threat Hunting 2.0: The Future of Proactive Defense

Today, organizations are confronted with a multitude of cybersecurity risks, both from external and internal threats. The global cost of cybercrime is projected to exceed $10 trillion by 2025. In 2023, a staggering 72% of all organizations worldwide fell victim to ransomware attacks, which is just one type of threat. The reality is that cyber threats are pervasive, and the adversaries behind them are becoming increasingly sophisticated with each passing year.

Automate Non-Human Identity Security and Management with Torq and Astrix

Organizations’ zero-trust policies and identity-centric programs ensure that user identities and login credentials are vigorously protected with IAM policies and security tools like MFA or IP restrictions. However, the situation is very different regarding non-human identities (NHI) like API keys, OAuth apps, service accounts, and secrets. Lack of visibility, monitoring, and governance of this permissive access is everywhere, and attackers have figured it out.

UEBA Superpowers: Simplify Incident Investigations to Increase SOC Efficiency

In an era marked by an increasing volume and sophistication of cyber threats, the efficiency of your SOC operations has become more important than ever. SOCs are flooded by a daily barrage of attacks and alerts, with a significant portion being false positives, leading to alert fatigue and the potential for genuine threats to slip through the cracks.

Optimizing Wireshark in Kubernetes

In Kubernetes, managing and analyzing network traffic poses unique challenges due to the ephemeral nature of containers and the layered abstraction of Kubernetes structures like pods, deployments, and services. Traditional tools like Wireshark, although powerful, struggle to adapt to these complexities, often capturing excessive, irrelevant data – what we call “noise.”