Testing uptime, response time, and other performance metrics in applications can take a few different shapes. One common technique is an approach known as synthetic monitoring. This form of performance monitoring doesn't rely on real users interacting with a service, and instead uses automated tools to mimic interactions. Then, the results are recorded and parsed just like other solutions.
Initially, Security Information and Event Management (SIEM) solutions were readily adopted because of their capability to provide actionable insights into the deep corners of an organization’s network. Legacy SIEM systems helped in understanding when and where security incidents are happening in real-time. Soon enough, these SIEM systems faced an avalanche of false positives, and they required a dedicated team to filter out irrelevant alerts.
There’s no question that cybercrimes are a growing problem for businesses in the United States. A cyberattack can cost a business about $200,000 on average. Sadly, many businesses that are targeted cannot recover from the financial effects of a cyberattack. In fact, it’s estimated that 60% of targeted companies go out of business within six months of the attack.
Businesses want to connect to their users and meet them where they are. One growing way to communicate to them is through text messages including providing coupons, recent news, and other marketing materials. When these marketing efforts are unwanted by the customer, this is when they cross the line into the SPAM category. SPAM has taken many forms throughout history such as junk mail in your mailbox and robocalls.
The limitations of traditional lending solution creates a room for innovation via Fintech. Fintech is able to address the challenges that conventional lending providers face by utilising a combination of different business models, technology, and innovative approaches. Indonesia’s fintech market looks like an open bottle of honey to me. The fintech market has grown by 16.3% with total investment in fintech companies reaching $176.75 million in 2019.
With Gartner releasing its latest Magic Quadrant for WAN Edge Infrastructure earlier this month, it seemed an appropriate time to explore the intersection of SD-WAN and SASE. Both of these technological approaches hold great promise and are large, billion-dollar markets, sharing the common goal of connecting users to the data and applications critical to doing their job. The two technologies demonstrate the increasing overlap and tightening linkage between networking and security investments.
Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to log into a Loginizer-protected website with a carefully-crafted username.
This week NSA published a list of the top 25 vulnerabilities that Chinese hackers are actively exploiting, and unsurprisingly the list included some of the most prominent CVEs that we’ve covered in our previous risk based vulnerability management blogs.
The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157)and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint where this request contains the container image registry secret.
Bots are evolving dramatically and becoming more sophisticated and launching ever more complex and targeted attacks at ever increasing rates. This makes detecting bots more important than ever but also more difficult than ever. Bots of the more recent generations are harder to identify without expert bot detection tooling. These bots could put businesses at risk of exposure to threats such as scraping, carding, and credential stuffing.
