Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Detecting the Sudo Baron Samedit Vulnerability and Attack

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.

TeamTNT delivers malware with new detection evasion tool

AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories. The purpose of this blog is to share new technical intelligence and provide detection and analysis options for defenders.

Meet the people behind your compliance

At Bulletproof, we have a fantastic team who power our compliance services, which include GDPR, ISO 27001, Cyber Essentials, training, and act as our all-knowing outsourced Data Protection Officers. Both cyber security and data protection are crucial corporate responsibilities that we believe should be at the heart of any company’s day-to-day operations.

When and How to report GDPR personal data breaches (Article 33)

The Data Protection Act was brought in in 2018, and it controls and monitors the way that UK businesses and organizations use your personal data and information, such as credit, payment card, financial information, social security numbers, and any sensitive data. Under the act, it is up to everyone to ensure that they use data wisely and adhere to the data protection principles that are laid down in the act, which are.

Security Defender Insights: "bad actors are using intelligence and automatic tools, we need to surpass those abilities"

In this new series, Security Defender Insights, Detectify is recognizing Security Defenders in our network to bring you actionable insights and inspiration for your security strategies in 2021. We want to encourage open discussions about web security and show appreciation for hard-working security practitioners. So let’s get started with this interview with Roberto Arias Alegria, Information Security Architect at Quandoo.

Why Mid-Market Companies and SMEs Benefit From SIEM

Security information and event management (SIEM) has been “reserved” for large enterprises for a long time and therefore vendors largely ignored smaller customers. “Smaller customers” are medium enterprises and mid-market companies, according to various definitions and brackets, and they range from a hundred to more than a thousand employees. But the problem that SIEM solves are problems that these SME/mid-market organizations have as well.

Digital transformation- Remodeling banking industry

It is an accepted fact that one needs to constantly keep upgrading oneself to stay relevant in the industry and progress. Banks are at tipping point of adopting the changes happening in the industry. Digital channels have become “table stakes”, financial institutions must find different ways to differentiate themselves. Upending conventions, COVID 19 catalyzed the adoption of digital initiatives by companies and has also radically changed consumer behavior.

Guide to Software Composition Analysis (SCA)

2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID19 hit, suddenly accelerated. More and more companies became software companies, and with this shift—usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better compete in their respective markets.

Top GDPR Solutions for Security and Consent Management

The General Data Protection Regulation (GDPR) is a set of provisions and requirements governing data protection and privacy for individuals across the European Union. It applies to any business or public body — inside or outside the EU — that handles the personal data of EU residents. Essentially, GDPR requirements govern the way companies process and store personally identifiable information (PII).