Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Is safe collaboration the key to combating CAD cybercrime?

Cybercrime and cybersecurity challenges have escalated during the Covid-19 crisis, particularly in the manufacturing and design industry. The pandemic has also led to an increase in remote working style creating a wide attack surface. With no time to implement safety security measures to prevent breaches and attacks, no organization is entirely immune or safe. Another cause of concern for the manufacturing and design industry is the upsurge in external partners and suppliers.

Best practices for businesses to stay safe online this tax season

It’s tax time again. Typically, the deadline for federal tax filing in the United States is April 15, but this year the deadline has been extended to May 17, 2021. However, if you think your business will be receiving a refund, the IRS encourages you to file as early as possible. Filing taxes can be stressful. Adding to the potential stress is the increasing tax scams out there and the ongoing battle to keep your company data protected and secure.

Welcome to WhiteSource, Diffend!

Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of WhiteSource. At WhiteSource we believe that open source risk management is a pillar of software supply chain security, and Diffend helps us extend our capabilities in this area. While 99.999% of open source releases may be safe, our customers trust us to help identify the ones that could do harm and should be avoided.

Practical Guide For SIEM And Active Directory

Active Directory is a popular technology used in many organizations to handle their user management, authentication and authorization. The fact that it’s so dominant and so central to the IT infrastructure makes it a key component for security monitoring. It’s also a popular target for malicious actors, as compromising Active Directory accounts gives them access to many resources.

Customer experience- The ultimate game changer in digital onboarding

Companies have been on a digital-first trajectory for years now, which spurred in the wake of COVID 19. A lot of companies had to bear the brunt of this catastrophe, and a lot of them survived grasping the straws of digital transformation. But the real winners of this re-ordering were the once who got an inkling that transforming digitally was just a pre-requisite, it is the ‘Customer Experience’ which will keep the ball rolling.

Snyk Maven plugin: Integrated security vulnerability scanning for developers

Maven is the most commonly used build system in the Java ecosystem, and it has been for many years. Building your application with Maven is easy since it takes care of many things for you. In different phases of the Maven lifecycle, it handles things like: With Maven, the development lifecycle happens the same way on every machine for every developer on the team, as well as within the CI pipeline.

How to detect EC2 Serial Console enabled

Recently, Amazon AWS introduced the new feature EC2 Serial Console for instances using Nitro System. It provides a simple and secure way to perform troubleshooting by establishing a connection to the serial port of an instance. Even though this feature is useful in case of break glass situations, from a security perspective, it could be used by adversaries to gain access through an unguarded secondary entrance.

Pentest People Win 2 Digital City Festival Awards

On 15th April we were delighted to attend the Digital City Awards online ceremony where we scooped two wins, the Cyber Security Project of the Year and the major award category, The Digital City Innovation of the Year Award. This award recognises the novel product or service which has revolutionised the way things are done and made a real difference in its intended field.

How to Think About Gartner's Strategic Roadmap for SASE Convergence

Gartner recently published the 2021 Strategic Roadmap for SASE Convergence, outlining key challenges that are driving shifts to Secure Access Services Edge (SASE) architecture. Not surprisingly, chief among these challenges are consistency, simplicity, transparency, and efficacy—all of which a properly implemented SASE architecture is positioned to solve. But knowing what the challenges are, how do we then get to SASE? Has your journey already started? What are the right moves?

Cloud Threats Memo: Malicious Campaigns Taking Advantage of Well-known Collaboration Apps

BazarLoader is a malicious dropper used in multiple campaigns, including the massive wave of attacks targeting US Hospitals with the Ryuk ransomware during October 2020. The primary purpose of BazarLoader is to download and execute additional malware payloads, and one of the key characteristics is its delivery mechanism, which exploits legitimate cloud services like Google Docs to host the malicious payload.