Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Watch Here: How to Build a Successful AppSec Program

Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that you stand up an AppSec program covering all the bases, from which roles each team member will have to alignment on KPIs and goals, and even a detailed application inventory to stay on top of your code.

7 Steps of Cyber Kill Chain

The Cyber Kill Chain offers a comprehensive framework as a part of the Intelligence Driven Defense model. In this article, we will discuss what the cyber kill chain is and what its steps are. Cyber intrusions are the worst nightmare of many of us. That is why many cyber security professionals and developers offer unique solutions for the identification and prevention of cyber intrusions activity. Being one of those developers, Lockheed Martin has brought the Cyber Kill Chain into our lives.

How are scalping bots threatening your businesses?

Scalper bots, or inventory hoarding bots, are used to disrupt, manipulate, and steal merchandise much faster than any human can. These malicious bots add products to carts, often products that are in high demand or limited supply. This stock is held in a basket and made unavailable to other prospective buyers. Scalper bots perform this process multiple times, causing significant problems for websites and retailers, by hijacking inventory and reselling the items at a higher price.

Synopsys' Seeker IAST wins Best Cloud and Web Application Security category at CybersecAsia Awards

Synopsys is proud to announce that Seeker® IAST won the CybersecAsia 2020 award for Best Cloud and Web Application Security. This award underscores Seeker’s position as an industry leader in functionality and capability, offering best-in-class detection, tracking, and monitoring of sensitive data leakages for today’s modern and complex web, mobile, and cloud-based applications.

Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

What is threat modeling?

A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that can not only be applied to computer security, but also to ordinary people in our everyday lives.

CMMC compliance explained: what is the Cybersecurity Maturity Model Certification?

With an escalating cybersecurity threat risk that doesn’t appear to be slowing down, the Department of Defense (DoD) has taken proactive measures in creating the Cybersecurity Maturity Model Certification (CMMC). The CMMC will soon be a requirement for any defense contractors or other vendors that are, or wish to be, working with the DoD .

Be Wise - Prioritize: Taking Application Security To the Next Level

As the number of known vulnerabilities continues to grow every year, software development and application security teams are increasingly relying on vulnerability detection tools throughout development. The result: teams are often overwhelmed with a steady stream of security alerts that must be addressed, and it’s becoming clear that it’s impossible to attempt to fix everything.

How to Set Up Kubernetes SSO with SAML

Kubernetes has some impressive baked-in role based access controls (RBAC). These controls allow administrators to define nuanced permissions when querying Kubernetes resources, like Pods, Deployments, ReplicaSets, etc. For those familiar with Kubernetes, the value of RBAC is immediately recognizable. A single Kubernetes cluster can contain your organization’s entire CI/CD pipeline, highly available SaaS products, or infrastructure that is in the process of being moved to the cloud.