Once a malicious actor has gained initial access to an internal asset, they may attempt to conduct command and control activity.

Privileged account management is the process of identifying, controlling and monitoring privileged accounts and their associated activity. Privileged accounts are typically high-level administrator accounts that have broad access rights across an organisation’s IT systems. Because of their elevated level of access, these accounts pose a significant risk if they were to fall into the wrong hands.

In Q1 2022, Kroll observed an 54% increase in phishing attacks being used for initial access when compared to Q4 2021. For the first time since the Microsoft Exchange vulnerabilities in Q1 2021, email compromise surpassed ransomware as the top threat incident type observed.

NIST (National Institute of Standards and Technology) is a federal agency under the responsibility of the US Department of Commerce. Established in 1901 to promote innovation and industrial competitiveness in the US, NIST helps organizations advance measurement science, technology, and standards to improve the quality of life for citizens and enhance economic security.

$132.94 billion. That’s the size of the cybersecurity market today. But despite the massive investment in money, time, and expertise, organizations have never been more at risk of an attack. What’s causing the disconnect? Despite all the effort to ensure security, there is an equally massive and growing effort to exploit vulnerable organizations.

One of the most used buzzwords in our industry is "single pane of glass". But what does it really mean? In most cases, it means a single dimension – either cross-infrastructure or cross-functionality or cross-organization. It usually never AND. Most likely, it's OR. So you will need to use multiple single-pane-of-glass products This led to an interesting discussion between us. Is it a single-pane for all the K8s clusters? Or single-pane for all the K8s security capabilities/functionalities?

On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability impacting the iControl REST authentication of BIG-IP systems being tracked as CVE-2022-1388. If successfully exploited, the vulnerability could lead to Authentication Bypass, which could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC are not impacted by CVE-2022-1388.

CVE-2022-30278 is a reflected cross-site scripting (XSS) vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files.

When it comes to security teams, many people may assume that these specialists have some natural ability or extra mental strength for dealing with challenges. After all, these individuals are responsible for preventing cyberattacks and dealing with catastrophic incidents when they occur; they must always be on and ready.

As a developer, you’re probably using some infrastructure cloud provider. And chances are, you automate parts of your infrastructure using infrastructure as code (IaC), so deployments are repeatable, consistent, easily deployable, and overall, more secure because code makes parameters more visible.