Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Trustwave's Action Response: More MSDT Fallout with "Dogwalk"

A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day announced last week and is actively being tracked by Trustwave SpiderLabs. The vulnerability was initially publicly disclosed back in 2020 but dismissed by Microsoft, which replied at the time: "We are also always seeking to improve these protections.

5 Things Developers Should Know About JavaScript Web Application Security

When client-side security breaches happen, web application developers may find themselves at the receiving end of the blame game (somewhat unfairly). The demands of an accelerated development cycle combined with pressures related to JavaScript web applications security, means developers may feel caught in the proverbial “damned if you do and damned if you don’t” loop.

Make Account Compromise a Non-Issue: Introducing Immutability for Microsoft Azure VMs

Author Brian Mislavsky Rubrik Storage Tiering for Microsoft Azure now leverages Azure Blob immutability by default. In our Winter Release, we introduced Storage Tiering for Microsoft Azure as a way for Rubrik customers to further protect workloads in Microsoft Azure by enabling the ability to logically air gap data between Azure Subscriptions as well as potentially decrease long term storage costs by almost 40%.

The unfair life of an admin: How to make your users appreciate you

It's natural for tension between the cybersecurity team and internal stakeholders to exist. As the administrator, you play a crucial role in ensuring the network's security, protecting against unauthorized access, and troubleshooting any access issues. But trying to keep people both secure and productive can be challenging. Ultimately, you want to protect critical data without making your colleagues' jobs more difficult.

How to Write Your First Rules in Rego, the Policy Language for OPA

Rego is the purpose-built declarative policy language that supports Open Policy Agent (OPA). It’s used to write policy that is easy to read and easy to write. Fundamentally, Rego inspects and transforms data in structured documents, allowing OPA to make policy decisions. Rego was originally inspired by Datalog, a common query language with a decades-long history, but extends its capabilities to support structured document models like JSON.

Cybersecurity Sessions #8: MFA is better than passwords... Right?

We’re told that multi-factor authentication is more secure than passwords, but in truth most MFA is susceptible to the same old threats, such as phishing and man-in-the-middle attacks. In fact, the widely championed advice to “use MFA, any MFA” could lead to a false sense of security and even more data breaches.

The Pack Looks Back At RSAC 2022

After a two-year hiatus, we couldn’t have been happier to spend the week in the Bay area with our customers, partners, and peers at the RSA Conference. The opportunity to showcase our latest solutions and technologies while connecting with some of the smartest people in the industry is something we’ve missed dearly, and meeting with our customers in person has made the 2022 conference sweeter than ever before.

Navigating Cybersecurity with NERC CIP as the North Star

Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person doesn’t consider when they flip on a light switch. When I moved into the cybersecurity space, an entirely new realm was opened up.

What Constitutes a Data Breach?

A data breach occurs when sensitive data is copied, transmitted, viewed, stolen, or accessed by an unauthorized individual. For a security incident to constitute a data breach, the exposure of sensitive data must be intentional. The presence of intent differentiates a data breach from a data leak, where exposure is accidental. A data leak occurs when data is accidentally exposed through a vulnerability, such as weak passwords.