DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.
Security has been a concern in the tech industry for years now. However, not a lot of companies follow their own protocols or guides when it comes to securing code. It’s easy to believe that security incidents are uncommon (or unlikely to happen in your own organization), but the latest issue with Uber is one of many examples to the contrary.
Trustwave has been recognized in the IDC MarketScape: Worldwide Managed Cloud Security Services in the Multicloud Era Vendor Assessment (doc #US48761022, September 2022). Trustwave, a pure-play cybersecurity services provider, is well positioned in the market. It shows the market acceptance for specialized security skills from its MSS providers.
A recent report suggests that 700,000 new cybersecurity professionals have joined the market since 2020. But still, we are nowhere near closing the talent gap. LinkedIn shows only about +3k people with the "Application Security Engineer" job title. Let's dive into the world of application security.
Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less business-critical resources on public clouds. But despite its many benefits, the hybrid environment also creates security concerns. AlgoSec’s co-founder and CTO, Prof. Avishai Wool shares his expert insights on these concerns and offers best practices to boost hybrid cloud security.
We are proud to announce the WatchGuard Firebox M690 has been named “Next Generation Firewall Solution of the Year” in the sixth annual CyberSecurity Breakthrough Awards This prestigious awards program recognizes the world’s best information security companies, products and people.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the evolution of video conferencing since the 2020 pandemic, the security challenges faced by video conferencing tools, how companies and governments have acknowledged the risks, and the best practices to avoid such attacks.
Ransomware’s first documented attack was relatively rudimentary. It was delivered via floppy disk containing a malware program in 1989 that told its victims to pay $189 in ransom to a PO Box in Panama. Today ransomware criminals are significantly more sophisticated, thanks to advances in cyber methods and cryptocurrencies. Not all Ransomware is created equally. Like all malware, malicious codes vary in sophistication and modularity. As such, not all ransomware codes are made the same.
In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and delivery company Uber. In a blog update, Uber attributed the attack to the infamous Lapsus$ group that has made a name for itself over the past year with successful breaches of household names including Microsoft, Rockstar Games, Samsung, Nvidia, Ubisoft, and Okta.
