
Latest News

5 Steps to Selecting a Vendor Risk Management Framework

Third parties are an inevitable and essential part of your business ecosystem. They’re your vendors, partners, and contractors. They improve efficiency, extend your reach, and make it possible to deliver the best possible products and services. From a security perspective, however, they also bring a significant amount of risk. Misconfigurations of a third party’s cloud can lead to supply chain data breach risks.

How Rugby Can Teach Cybersecurity Leaders to Build and Manage their Teams

Leadership and teamwork, personally and professionally, have long been a passion of mine. While we all interpret and digest the concepts differently, I usually find the strongest parallels in team sports. Over the last couple of months there has been no shortage of sport available to watch – tennis, cricket tests, State of Origin, rugby (mostly look forward to seeing the Springboks play) and I guess AFL requires an obligatory mention.

CVE-2022-26136 & CVE-2022-26137 - Multiple Critical Vulnerabilities in Atlassian Products

On Wednesday, July 20, 2022, Atlassian released patches to remediate two critical vulnerabilities (CVE-2022-26136 and CVE-2022-26137) that impact how Atlassian products implement Servlet Filters and could lead to unauthenticated authentication bypass, cross-site scripting (XSS), or cross-origin resource sharing (CORS) bypass depending on the filters used by each impacted product.

Atlas Intelligence Group (A.I.G) - The Wrath of a Titan

Over the past couple of months, a new group has emerged named the Atlas Intelligence Group (A.I.G), aka Atlantis Cyber-Army. What makes this group unique compared to all the other groups we’ve seen lately is its recruitment of cyber-mercenaries to do specific jobs as a part of bigger campaigns known only to the admins. In the early days, the group appeared to be yet another data leakage group.

What Is FedRAMP Compliance?

The Federal Risk and Authorization Management Program (FedRAMP) is a program run by the U.S. federal government to help cloud service providers bid on government contracts. Simply put, FedRAMP helps such providers achieve minimum standards of cybersecurity, so they can sell their cloud service offerings to federal government agencies more efficiently. All cloud service providers (CSPs) must achieve FedRAMP authorization to be able to contract with federal agencies.

Are You Missing These Benefits of a 24/7 SOC?

When it comes to protecting your business, there is no such thing as being too cautious. In today's increasingly connected world, cyberattacks are becoming more and more common, and the stakes are higher than ever before. That's why many businesses are turning to 24/7 SOC through a managed security services provider (MSSP) to protect their business.

How To Put Cloud Nimble to Work to Shift Left Security

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.

Secure Amazon EKS Access with Teleport

Enterprises are embracing the cloud native paradigm for agility, scalability, composability, and portability. Kubernetes, the open source container orchestration engine, is the foundation of modern, cloud native workloads. AWS customers can leverage managed Kubernetes available in the form of Amazon Elastic Kubernetes Service (EKS) or deploy a cluster based on an upstream Kubernetes distribution running in a set of Amazon EC2 instances.

Cybersecurity Policy - time to think outside the box?

When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an organization’s statement of intent, principles and approaches to ensure effective management of cybersecurity risks in pursuit of its strategic objectives.”