In January of 2021, CodeCov suffered a supply chain attack that exposed client environment variables. In the following months, the specifics of the breach and its technical applications have been thoroughly examined by the application security community to determine what went wrong and how to combat similar attacks in the future. But another interesting outcome of the breach were the insights into a slightly less glamorous topic: responsible disclosure.

In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and accuracy of the testing lifecycle. In this latest post, we conclude our SDET series with a deep dive on how our generalized validation testing component improves efficiency, enhances product functionality and streamlines troubleshooting.

We are proud to have thought leaders at the head of Zenity. Michael Bargury, Zenity co-founder and CTO, recently published an in-depth piece on Dark Reading, one of the most widely read cybersecurity news sites and online communities for cybersecurity professionals. The piece was chosen for Dark Reading’s “The Edge,” a featured section that presents deep dives into cybersecurity issues.

Mergers and acquisitions are high-risk endeavors, sometimes with billions of dollars and corporate reputations at stake. But one way to help lessen the danger is by conducting a thorough cybersecurity review during the due diligence process. The consulting and professional services team at Trustwave works closely with firms across the globe undertaking M&A deals of all sizes.

What comes to mind when you think of security “out-of-the-box?” You’re probably looking for something that will keep users as secure as possible while minimizing implementation friction points to your users. And with ransomware, malware, and phishing threats spreading faster and costing businesses more each year, IT teams must take a full-stack approach to defend against external attacks and internal vulnerabilities, while keeping the business running.

In today’s IT environments, operating systems blend into each other. In on-premises and hybrid or public cloud scenarios, Windows clients connect to Linux-based web servers and Kubernetes containers or microservices. There are several Windows-friendly SSH clients available to keep these connections secure.

The Metasploit Framework is a Ruby-based, open-source framework that is used by information security professionals and cybercriminals to find, exploit, and validate system vulnerabilities. The framework consists of various exploitation tools and penetration testing tools. Information security teams most commonly use Metasploit for penetration testing (or “ethical hacking”) to identify and remediate any existing vulnerabilities across an organization’s networks.

There are almost 165,000 known CVEs (Common Vulnerabilities and Exposures) listed in the NIST Database. In October of 2020, the NSA published a list of the 25 CVEs most likely to be exploited by Nation-State attackers in China; Checkpoint software found over 3 million attempts to penetrate networks or steal files using these known vulnerabilities.

Netlogon Service is a Microsoft Windows Server process used to validate or authenticate users and devices in a domain. It is used to confirm the user’s identity on any particular network that the user is trying to access. Netlogon is a process, not an application, therefore it is continuously running in the background. It can be stopped either manually or by some runtime error.

In Q1 of 2021, 4 in 10 people encountered an unsafe link while using their mobile devices – less than a year later, 5 in 10 people encountered threats in Q3 2021. This trend will only continue as text message, email and social media phishing scams surge.