Privilege abuse is the top misuse-related reason for data breaches according to the 2021 Data Breach Investigations Report by Verizon. To mitigate the risk of data leaks and other incidents, it’s crucial to enhance the protection of critical assets and keep a close eye on the activity of privileged users. Yet it can become a real ordeal for an IT security manager not only to secure access to their organization’s servers but also to track and manage all privileged sessions.

MSPs are playing an increasingly important role in organizations' cybersecurity. This is the key finding from our Pulse "Outsourcing Security" survey of more than 100 organizations worldwide: 88% of respondents are outsourcing their cybersecurity processes or tools, and the most common type of outsourcing agreements selected is through MSPs (55%).

This weekend I spent some time with Okta’s Identity Engine product, learning about various ways to integrate it with Splunk and other external systems. When I got to Okta’s Event Hooks feature, I exclaimed “Aw, HECk!” (actually I said something a little stronger) and banged my head against my old copy of "Log4J 4 Me and U - A Complete Guide" for a few hours trying to get Event Hooks sending data properly into Splunk’s HTTP Event Collector, or HEC.

This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 million) theft due to a fraudulent NFT scheme.

Mobile phone apps are more popular than ever with a rapidly expanding user base each year. They have literally made everything come to the fingertips of the users and there’s a significant demand for mobile apps for just about everything, generating great competition and pressure among app developers around the world.

At first glance, DevSecOps and Agile can seem like different things. In reality, the methodologies often complement each other. Let’s see how. Agile is a methodology that aims to give teams flexibility during software development. DevSecOps is about adding automated security to an existing automated software development process. Both are methodologies that require high levels of communication between different stakeholders and continuous improvement as part of the process.

Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in a unified offering of advanced, military-grade threat hunting, detection, response and remediation capabilities.

In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog has proven to be beneficial in identifying process execution and file access on systems.

This weekly cybersecurity news overview provides a brief recap of the most important and interesting stories that dominated headlines in the past seven days.