“Well, yeah, I can give the devs a new security tool, but I can’t make them use it.” I was mid-way through dinner with an old college friend when he dropped this into the conversation. I’d told him I wanted to pick his brain about security issues and tools, but told him no matter what, I wouldn’t start to deliver a pitch. Well, I kept my promise, but I think I must have given my tongue a bruise from biting it.

The Trustwave SpiderLabs research team has been tracking a new threat group calling itself Anonymous Sudan, which has carried out a series of Distributed Denial of Service (DDoS) attacks against Swedish, Dutch, Australian, and German organizations purportedly in retaliation for anti-Muslim activity that had taken place in those countries.

John Kevin Adriano, Trustwave SpiderLabs Security Researcher Tax season is a busy time of year for taxpayers and threat actors. Consumers and businesses focus on filing their taxes and getting excited over possible refunds, while cybercriminals roll out both their tried-and-true tax scams along with implementing new efforts.

Gartner’s newly released 2023 Market Guide for Managed Detection and Response Services offers detailed advice to organizations on what capabilities an MDR provider must deliver in order to keep its clients secure. The guide reinforces the notion that a MDR provider must come to the table with a portfolio of strong supporting solutions to deliver an effective and comprehensive security product.

We recently released Enterprise OPA, the drop-in enterprise edition of Open Policy Agent (OPA). With Enterprise OPA, we aim to solve several challenges large organizations encounter when using OPA. These include performance and memory usage when using large datasets, keeping authorization data up to date and performing policy updates in a safe way.

Elastic Security 8.7 helps security practitioners eliminate alert fatigue, reduce MTTR, and better secure cloud environments through integrated SIEM, cloud security, and endpoint security. This release includes the following new features that bring efficacy and efficiency to the modern security operations center (SOC): Security operations centers use SIEM, EDR, and cloud security solutions to detect malicious activity by analyzing their security-related events and information. . .

Twitter's source code was recently leaked publically on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak.

Technology is a double-edged sword. On one hand, it can make new experiences possible and elevate productivity. On the other hand, it introduces new threats and attack vectors; and it can widen the gap even further between our ability to produce software and our ability to secure it. Getting faster at creating and finding security flaws does not make us faster at fixing them; data shows us that one in four vulnerabilities remain open well over a year after first discovery.

The large attack surface of Kubernetes’ default pod provisioning is susceptible to critical security vulnerabilities, some of which include malicious exploits and container breakouts. I believe one of the most effective workload runtime security measures to prevent such exploits is layer-by-layer process monitoring within the container. It may sound like a daunting task that requires additional resources, but in reality, it is actually quite the opposite.

We're excited to share that Nightfall has been named as a Leader in Data Loss Prevention (DLP) in G2's Spring '23 rankings. Huge thank you to our customers and supporters who made this possible, and to our dedicated team who works so hard to keep their cloud data safe. This year has been a busy one, with the release of our Advanced Secrets Detection, that provide detailed metadata about discovered API keys, like whether they're active