Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of a SSRF vulnerability enables attackers to send requests made by the web application, often targeting internal systems behind a firewall.

A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes.

The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.

Gartner just released their 2018 Magic Quadrant for Security Information and Event Management (SIEM), which we’re once again excited to be part of!

We finally made it to another new year, and that means it’s time to reflect on the learnings from the previous year while also preparing for many new opportunities and challenges ahead. The enterprise tech and security industry didn’t seem to slow in 2018, so there’s no reason we would expect 2019 to be any different. So what will those “hot button” topics be this year?

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code onto the system and make sure it can be executed further on.

During the holiday season people logged on to make purchases through online retailers, like no other time of the year. While there was significant growth in many segments of society on a global scale in 2018, we also saw a significant increase in online retail breaches where personally identifiable information was compromised at an alarming rate.

We in the infosec community have made enormous progress towards getting multi-factor authentication the recognition it deserves. All the respected folks in the community have been promoting multi-factor as the best protection against account hijacks.

Over the last few years, technology has transformed our lives and made it easy for businesses to collect and process personal data. These technological advancements have also created the need for new regulations to provide better protection of personal data.