Everyone loves buzz words, no? Red team is the newest (well... not that new) coolest thing on the streets of information security city and many cybersecurity pros want to jump right in and become involved in Red team activities at their company. However, there is more to being a Red team member than just signing up.

On Thursday, July 21, 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions.

The desire to take advantage of the modern cloud-native paradigm has forced many enterprises to rush to production with Kubernetes and containerized applications. Often, the incorrect expectation with cloud-native adoption is that Ops teams would be able to easily transition their existing security and operational practices, workflows and tooling to these new software development platforms and everything would still work as before.

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though the controls have been developed with traditional data centers and process in mind, there is no reason they can’t be adapted to DevOps practices.

In the two years proceeding from the beginning of the COVID-19 pandemic, the business world has been transformed on a grand scale. Organizations have created more data than ever before, data is now spread across a wider attack surface, putting it at a heightened risk of becoming a compromised risk. The manner and location of data storage and correspondence has had to shift to meet the needs of remote and hybrid workers, with companies being forced to take a more rigorous approach to data security.

Our research has revealed that 80% of security professionals have experienced increased security threats since shifting to remote work. To stay protected against attacks and reduce the chances of losing significant amounts of money, putting their users at risk, or destroying their reputation, organizations must do more to innovate against email risks. In our most recent report, Cybersecurity experts' views on email risk within Microsoft 365, we identify many of the risks Microsoft 365 users face.

The Nightfall platform is a SaaS data protection platform already known for its high accuracy findings and analytics. Now, thanks to new features baked into the Nightfall Console, users will have enhanced analytics functionality through an elegant and easy to navigate dashboard interface. Watch the video demo below for a walkthrough of changes, or read the rest of the post to learn more.

Kubernetes is the de-facto container management platform of today and the future. It has increased the scalability and flexibility of applications and eliminated vendor lock-in. Kubernetes also brings a lot of security native features; however, with security, the devil is always in the details. By default, the security of cloud services, applications, and infrastructure is not in the scope of Kubernetes. This does not mean that running Kubernetes is destructive and makes your applications vulnerable.

When most people speak of any city government, they often mention words like “Bureaucratic”,“Behind the times”, and “Slow.” This is especially true when considering cybersecurity initiatives. However, a small town in Texas is changing that view. Seguin, Texas, which was once the smallest Texas city to have a full-time cybersecurity employee, was the only government entity to be named in the CSO50 2022 Awards.

Building a HIPAA-compliant security program is a very time intensive and demanding undertaking. It can also be confusing, as satisfying requirements like the HIPAA Security Rule require extensive interpretation and documentation on the part of security professionals. However, by arming yourself with knowledge before beginning the process, you can cut down on unnecessary difficulties.