The ransomware-as-a-service (RaaS) operation behind REvil have become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. AT&T Alien Labs™ is closely monitoring the ransomware landscape and has already identified four of these samples in the wild during the last month, after receiving a tip from MalwareHuntingTeam.

I recently caught up with Phil Guimond, Principal Cloud Security Architect at ViacomCBS. He describes his role as a fancy way of saying he likes to be involved in All The Things™. This includes cloud security and architecture, application security, penetration testing, and digital forensics and incident response, and even vendor reviews and risk management from time to time. He works in a very cross-functional team. We had a great discussion, and I wanted to share it with all of you.

Penetration testing is a common technique used to analyze the security posture of IT infrastructure. Web application penetration testing can assist you in identifying the potential security weaknesses in your web-based applications so that they can be fixed before attackers exploit them.

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the seventh, and final, in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture.

Cybersecurity has a bad rap for getting in the way of business. Many CIOs & CISOs dedicate a lot of time to minimizing security solutions’ performance drag on their network traffic while ensuring that the solutions continue to do their job keeping the network secure. The move to the cloud exacerbates this challenge.

Container orchestration platform Kubernetes announced in December 2020 that its third and final release, Kubernetes v1.20, would deprecate dockershim and subsequently Docker as a container runtime. This deprecation has brought multiple changes that admins must be aware of and accordingly respond to.

Automating incident recovery has inculcated rhythm to systems. But ITOps need more than automation. And, that is the acceleration of automated incident recovery. 79% reported in a survey that adding more IT staff to address IT incident management is not an effective strategy. Incident recovery needs accelerated intelligent automation. The two core outputs when accelerated are better and faster Incident Diagnosis and Resolution.

For over a year the future has lacked clarity. As parts of the world start to open up and the life sciences industry ramps back up to pre-pandemic activity, the fog of uncertainty is starting to lift. We are seeing an acceleration of digital transformation across the Life Sciences industry with the adoption of decentralized trials, real world evidence, and remote monitoring.

The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.

Commissioning a penetration test is an important step in helping to enhance your organisation’s cyber security resilience. Pen testing costs vary from a few thousand pounds to several thousand more, so it’s essential to ensure that the pen testing you select enables you to achieve the best security outcomes from your budget.