ISO 27001 is a way for companies to prove a certain standard of security to their customers. You may recognize ISO as the standards body that issues international standards and classifiers for all kinds of products and services, including date and time standards, country and currency codes, and structural systems—like the ones we’ll be discussing in this article.
Microsoft 365 is a suite of cloud-based productivity and communication services that includes Microsoft Office applications (including OneNote and OneDrive) as well as other popular Microsoft tools like Skype and Teams. Microsoft 365 tools and services are at the core of many organizations’ data management and day-to-day workflows, so monitoring activity across your environment is key to making sure that these services remain secure and meet compliance standards.
It’s something of a cliché to say that hackers are shady types, often lurking in the shadows. Usually this is just a metaphor, though if you take stock imagery at face value, you’d be forgiven for thinking they only ever appear at night whilst wearing a hoodie. Like most clichés however, this contrivance does have an element of truth in it. The fact is that hackers often work just as hard to keep themselves and their tactics hidden as they do to find vulnerabilities to exploit.
On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.
In part 1 of this blog series on data protection for Kubernetes and cloud native applications, we addressed the need for Data Protection for Containerized Applications. Given that the leading Kubernetes distributions and managed cloud services do not include native capabilities for data protection and disaster recovery, service providers and enterprises need additional data management tools such as CloudCasa to provide these.
This summer, Ada Logics integrated continuous fuzzing into Teleport to strengthen the security posture of the project. We’d like to thank Adam Korczynski from Ada Logics for initiating contact and doing the work. In this blog post, we will give a brief introduction to fuzzing and explain how to carry on the work moving forward. The motive for this work was to take the first steps in implementing fuzzing into Teleport’s development pipeline.
The Sarbanes-Oxley Act of 2002 (SOX) was passed by the United States Congress to protect the public from fraudulent or erroneous practices by corporations or other business entities. The legislation set new and expanded requirements for all U.S. public company boards, management, and public accounting firms with the goal to increase transparency in financial reporting and to require formalized systems for internal controls. In addition, penalties for fraudulent activity are much more severe.
It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We’ll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.
Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.
