Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Top 10 Cybersecurity Conferences of 2023

2023 is coming in hot. If you don't want to miss out on this year's best events, you better start planning your conference schedule early. To help you out, I created an overview of my personal top 10 favorite cybersecurity events in 2023 about application security, cloud security, IoT, and all the other topics that currently occupy the cybersecurity world.

Continued Exploitation and Evolution of ProxyShell Vulnerabilities - The Monitor, Issue 22

In August 2021, threat actors started to exploit ProxyShell vulnerabilities in certain Microsoft Exchange Server versions. Today, not only is Kroll seeing actors continue to leverage ProxyShell in larger network intrusions but also now organizations must also be on guard for the so-called ProxyNotShell vulnerabilities, which surfaced in September 2022.

Distraction on overdrive: Security in a time of permacrisis

We can probably all agree that we’re living in a state of permacrisis right now. After grappling with Covid-19, the world has been rocked by volatile stock markets, record-setting inflation, and the ongoing conflict in Ukraine. No wonder Collins Dictionary chose permacrisis as its word of the year for 2022.

SOAR'ing to Success: How an Insurance Company Automates Threat Hunting

Many automation tools, such as SOAR, suffer from an ironic Catch-22: you know that automation will save your team huge amounts of time, but it’s difficult to implement and requires skills you don’t necessarily have in-house. Essentially, you can’t afford the tools that will save you money. Ay, there’s the rub! You may have seen tools promising “no-code” capabilities with intuitive GUIs that help non-programmers build abstract functions.

How Netskope Cloud Exchange as a Managed Service Can Help Improve Your Security Posture

Starting January 1, 2023, Netskope will offer customers Cloud Exchange (CE), its industry leading integration platform, as a managed service. This managed service will enable a much larger customer base to benefit from CE, including customers lacking in-house resources or preferring to consume CE as a managed service.

Top 5 Access Control Challenges

Identity and access management (IAM) is an integral part of security systems. Without proper authentication and authorization, it would be impossible to practice cybersecurity principles such as zero trust and least privilege. By now, most organizations have a firm grasp on the identity part of IAM, including concepts like multi-factor and token-based authentication.

Expel's Jon Hencinski: How to reduce risk through better security strategy

In this episode of The Future of Security Operations podcast, Thomas speaks with Jon Hencinski, Vice President of SecOps at Expel, a company with "a mission to make security easy to understand, easy to use, and easy to continuously improve." Jon is passionate about getting to the root cause of security issues and using strategy to help organizations eliminate problems.

Elastic + Tidal making MITRE ATT&CK easier

Security vendors seem to have a complicated relationship with the MITRE ATT&CK(™) matrix. With one hand, they hold it high as a powerful resource, and with the other, they criticize some aspect of it. But regardless of your viewpoint on any given day, ATT&CK is one of the most important resources for improving your understanding of threat capabilities and aligning those to technical controls, countermeasures, or mitigations.

Using LDAP Ping to Enumerate Active Directory Users

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.

Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)

SnakeYaml is a well-known YAML 1.1 parser and emitter for Java. Recently, a vulnerability — CVE-2022-1471 — was reported for this package. This vulnerability can lead to arbitrary code execution. The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default with Spring Boot in the spring-boot-starter.