Ruby is a well-defined and thought-out language and has been around since the mid-1990s. In 2004, Ruby incorporated RubyGems as its package manager. RubyGems is used to manage libraries and dependencies in a self-contained format known as a gem. The interface for RubyGems is a command line tool that integrates with the Ruby runtime and allows Gemfiles to be added or updated in a project. I looked at three Ruby platforms and found vulnerabilities that were surprising, even to me.

A recent study reveals that cybercrime costs the world economy more than $1 trillion, a more than 50 percent increase from 2018. Damage to companies also includes downtime, brand reputation, and reduced efficiency. Besides installing anti-malware software to protect against cyberattacks, however, there is other security software to consider. One option is a SIEM (Security Information and Event Management) solution.

To get a better understanding of how RDP works, think of a remote-controlled toy car. The user presses buttons on the controller and makes the car move forward or backwards. He can do all that and control the car without actually contacting it; the same is the case while using RDP. This article shall help you become aware of RDP security encompassing threats, vulnerabilities and encryption practices.

In the IT world authentication is a process that verifies or identifies if a user is actually who he claims to be. This protects systems, networks, devices or applications from unauthorised access or use as only legitimate authenticated users are allowed to access the resources. Usually, user authentication is achieved by submitting a valid username or user ID and its corresponding private information (e.g. a password).

It is commonly accepted that Data is the lifeblood of every business. Unless of course, your company still does bookkeeping with pen and paper? If not, the chances are that the day-to-day operations of your business cannot function without Data. Data lasts forever and is being used in ways we can’t even imagine - almost every device is a computer producing data these days.

It’s not every day that you get four CTOs of leading Cloud companies in a discussion about security, the changing role of the security operations center (SOC), and how best to manage data, artificial intelligence(AI), and service providers in these challenging times. To close out the 2021 Modern SOC Summit, Christian Beedgen, Sumo Logic’s CTO, hosted a discussion with Peter Silberman, CTO at Expel.io, Scott Lundgren, CTO at Carbon Black, and Todd Weber, the CTO at Optiv.

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. Phishing attacks are starting to evolve from the old-school faking of login pages that harvest passwords to attacks that abuse widely-used identity systems such as Microsoft Azure Active Directory or Google Identity, both of which utilize the OAuth authorization protocol for granting permissions to third-party applications using your Microsoft or Google identity.

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant.

Teleport has been instrumental in helping our clients achieve difficult security and compliance requirements, and today we are proud to announce that our Cloud offering is now SOC2 Type II compliant. Last year our on-premises product was SOC2 Type II certified, and we published an overview on our blog helping explain what SOC2 is and why it has become table stakes for B2B SaaS companies.

Between us — there’s no such thing as zero trust — it’s a catchy term used to describe a very complicated approach to security. But just because marketing loves the term doesn’t mean we should ignore the concept. The idea of zero trust is the assumption that users should be granted the least access possible to be productive, and that security should be verified at every level with consistent protection measures.