Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

What is a vulnerability management program and should your business have one?

The rapid rate of change in attack methods and techniques in today’s cybersecurity landscape has made the keeping of an environment secure increasingly more difficult, causing many to fall into a dangerous state of simply reacting to current threats.

SolarLeaks

In the aftermath of the notorious SolarWinds breach, occurring in mid-December 2020, a nefarious website was observed on 12 January 2021 and, presumably linked to the threat actors involved in the original supply chain attacks, purports to offer stolen data from four victim companies for sale: Other than the above, no file listings, screenshots or detailed 'proof' have been provided although links to four encrypted archive files, one for each potential victim organization, were uploaded to the popular

Sysdig 2021 container security and usage report: Shifting left is not enough

The fourth annual Sysdig container security and usage report looks at how global Sysdig customers of all sizes and industries are using and securing container environments. By examining how and when organizations are implementing security in the development lifecycle, we have been able to uncover some interesting data points in this year’s report. For example, we can see that 74% of organizations are scanning container images in the build process.

The Case for Targeted Remote Browser Isolation with Next Gen SWG

Remote browser isolation (RBI) has many use cases, but has found a popular use case with secure web gateways (SWG). While SWGs can block known bad websites and allow known good ones, the gray area of uncategorized and security risk websites is a challenge for most SWG deployments. If you allow them, your inline defenses and endpoints are exposed and may miss evasive malware, macros, malicious scripts, and phishing attacks.

ECMWF - How Third Parties Securely Access Supercomputing Clusters

To the average person, weather forecasts inform whether or not they need to bring an umbrella to the office. But to some, it can be quite literally a matter of life and death. Organizations like the European Center for Medium Range Weather Forecasting (ECMWF) sit at the center of a web of highly sensitive operations, providing them weather predictions and reports.

Network, Endpoint, and Cloud DLP: A Quick Guide

At the beginning of 2019, 60% of companies responding to the Insider Threat Report survey reported that they were planning to implement a data loss prevention (DLP) solution. For a few years, organizations have been aware that they need to add data loss prevention (DLP) tools and software to their technology stack in order to safeguard sensitive information collected and stored` However, there’s a common misconception that DLP is just one “thing”.

The Essentials of Personally Identifiable Information (PII)

Modern privacy regulation is centered around the concept of personal information. The General Data Privacy Regulation (GDPR) popularized it, but since then similar initiatives—like the California Consumer Privacy Act—have expanded on the definition of "Personal Information." If your application collects any kind of information about your users or customers, it is important that you track when, how, and for what purpose you are collecting their data.

Assessing design quality for better software due diligence

Design quality audits are sometimes overlooked in software due diligence, but they are vital to understanding the overall health of a company’s software system. When software is part of an M&A transaction, performing technical due diligence is a critical part of the process. There’s a lot to cover when it comes to software due diligence, and you can learn more by reading our take on the specific areas of the process, but today we’d like to discuss software quality.

What should you do after your penetration testing report?

We believe that continuous communication with our clients prior to, during, and, after a penetration testing engagement is vital to ensure that you get the best service from us. In this blog post we would like to discuss the events that should take place once you receive your penetration testing report so you can gain the most value from our services.

Reflective DLL Injection In The Wild

December 2020, the weeks before Christmas, saw an increase in reported malware activity that culminated most prominently in the Sunburst Trojan attacks - events that are still developing as of today. As we were asserting our readiness to respond to new threats under our watch, we identified a suspicious executable being copied to a remote network share.