In a previous blog post, we took a look at Java’s custom serialization platform and what the security implications are. And more recently, I wrote about how improvements in Java 17 can help you prevent insecure deserialization. However, nowadays, people aren’t as dependent on Java’s custom serialization, opting instead to use JSON. JSON is the most widespread format for data serialization, it is human readable and not specific to Java.

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

2021 was a challenging year for manufacturers, energy producers, and utilities. A chaotic pandemic year created an opportunity for threat actors to take advantage of disruption to infrastructure integrity and IT to OT operational dependencies, something they achieved with frightening rapidity and effectiveness.

This is part 2 of Trustwave’s 2022 Cybersecurity Predictions blog series. In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever.

You work at a SaaS provider, and now you need to pass a FedRAMP audit. If that describes you, read on. This post will tell you (almost) everything you need to know about how to pass a FedRAMP Audit. For the rest, reach out to us. We will put you in touch with one of our Solution Engineers like me who have helped some of the largest SaaS providers in the world pass their FedRAMP audit prior or after IPOing. It’s what we do.

There’s a lot of upside to becoming an application-centric business. You can increase collaboration, work more effectively with your data, deliver an optimal customer experience, and much more. One major downside, though, is that your network and security operations teams are under intense pressure to provision new applications both quickly and securely.

Need a removable media policy for ISO 27001 or other information security frameworks? In this article you will be provided with a free removable media policy template and tips for writing your own information security policies.

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.

Infosys is a global leader in next-generation digital services and consulting. It enables clients in 46 countries to navigate their digital transformation. With $13 Billion USD as its last 12 month’s revenue, serving a client base of 1500 customers, human capital of 249K employees, and managing millions of square feet of real estate.

Kubernetes’ last release for the year v1..23 will be released next week Tuesday, December 7, 2021 The Christmas edition of Kubernetes comes with 45 new enhancements to make it more mature, secure, and scalable. In this blog, we’ll focus on the critical changes grouped into the Kubernetes API, containers and infrastructure, storage, networking, and security. Let's start with the “face of Kubernetes”, which makes it scalable and expandable.