In my previous blog, I covered the many different types of cyber threat intelligence and why gathering CTI is beneficial to security teams. In this post, I will dig into the cyber threat intelligence lifecycle framework and a model to help correlate and contextualize your findings.

The IT systems and data of the Department of Defense (DoD) and its network of contractors are a matter of national security. Accordingly, the DoD maintains cybersecurity requirements that organizations must meet in order to be an approved vendor for the DoD. This article provides an overview of the most pertinent documents that inform the DoD’s cybersecurity expectations for defense industrial base (DIB) organizations, a review of useful frameworks, and tips for implementing DoD requirements.

In our first post of the series, we looked at ways to detect pass-the-hash attacks, which exploit NTLM authentication within an Active Directory domain. Pass-the-ticket is a related attack that which leverages Kerberos authentication to perform lateral movement. In this post, we will dive into how the pass-the-ticket attack works and what you can do to detect it.

Using the ChangeNTLM and SetNTLM commands in Mimikatz, attackers can manipulate user passwords and escalate their privileges in Active Directory. Let’s take a look at these commands and what they do.

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.

Starting October 12th, 2022 we’ll be rolling out some exciting new user interface changes for the Snyk application, at app.snyk.io. These changes make use of the Snyk design system by incorporating standardized UI components, an updated color palette, and other elements to help you get even more from Snyk. In this blog post, we’ll walk through the most important changes.

The Splunk Vulnerability Disclosure SVD-2022-0604 published the existence of an attack where the dashboards in certain Splunk Cloud Platform and Splunk Enterprise versions may let an attacker inject risky search commands into a form token.

The popularity of freelancing has continued to rise in the United States. In fact, a majority of organizations in America have worked with freelancers and plan to hire them again, according to data from the LinkedIn Workforce Report. In the post-pandemic world, there are a massive and growing number of digital nomads, people who choose to travel while working remotely from anywhere in the Internet-connected world.

In April 2022, a medical billing company based in New York became the victim of a serious ransomware attack. Bad actors stole personal and financial data of patients from 26 healthcare institutions who were the company’s clients. The billing company had to notify almost 1 million individuals that their data had been stolen. Over the last few years, organizations and fintechs that process payments for healthcare providers have become a hot target for cyber attacks.

If you’re helping shape application security in an organization, whether as an external security consultant or vendor, or as part of an internal security team, it is critical to work effectively with developers. While a lot of individuals have an interest and stake in security, and many have a significant role to play, developers who write code and fix flaws determine whether application security initiatives succeed or fail.