Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

AWS CIS: Manage cloud security posture on AWS infrastructure

Implementing the AWS Foundations CIS Benchmarks will help you improve your cloud security posture in your AWS infrastructure. What entry points can attackers use to compromise your cloud infrastructure? Do all your users have multi-factor authentication setup? Are they using it? Are you providing more permissions that needed? Those are some questions this benchmark will help you answer. Keep reading for an overview on AWS CIS Benchmarks and tips to implement it.

Unified threat detection for AWS cloud and containers

Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to secure!

Preventing Recent Microsoft Exchange Vulnerabilities and Similar Attacks Using Netskope Private Access

On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)

Manufacturing Has the Lowest Percentage of High-Severity Flaws but Needs to Improve Time to Remediation

The past 12 months have been especially challenging for the manufacturing industry. The pandemic affected in-person manufacturing jobs as well as supply and demand, causing many manufacturing companies to shut their doors or lay off valuable employees. Recognizing the vulnerable state of manufacturing companies, cybercriminals saw manufacturing as an easy target. In fact, the manufacturing industry saw an 11 percent increase in cyberattacks in 2020.

Survey: 99% of Security Pros Struggling to Secure Their IoT & IIoT Devices

Organizations are increasingly introducing new Internet of Things (IoT) devices into their environments. According to Statista, the aggregate number of IoT devices deployed by organizations globally increased from 7.74 billion in 2019 to around 8.74 billion a year later. The market and consumer data firm reported that the next few years will see growth in all types of IoT devices, including Industrial Internet of Things (IIoT) offerings like smart monitors.

SAST, DAST, SCA: What's best for application security testing?

With a 43% rise in data breaches tied to web application vulnerabilities according to Verizon, enterprise security teams are looking more closely at how security controls can be integrated to DevOps without impacting productivity. But with so many automated security testing tools (SAST, DAST, SCA) on the market, it’s important to understand the difference and when to use them to ensure robust Application Security.

Using Devo to Stop Black Kingdom ProxyLogon Exploit

Black Kingdom is targeting Exchange servers that remain unpatched against the ProxyLogon vulnerabilities disclosed by Microsoft earlier this month. It strikes the on-premises versions of Microsoft Exchange Server, abusing the remote code execution (RCE) vulnerability also known as ProxyLogon (CVE-2021-27065[2]).

How to Overcome the Challenges of Securing a Fully Remote Workforce

One of the most significant changes to come out of the COVID-19 pandemic is the shift to remote work. By late 2020, 58% of U.S. employees worked at home at least some of the time, and this trend will likely continue. While a remote workforce can bring several productivity and morale benefits, it also creates some security challenges such as cyber threats. Most companies’ cyber defenses are designed to handle a single, centralized network in one location with standardized devices.

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The Synopsys Software Integrity Group has been helping organizations find and fix vulnerabilities in their software for nearly a decade. And now it will be able to help them and the broader software industry even more.

What is a Compliance Risk Assessment?

As global regulations for data privacy and cybersecurity continue to proliferate, the pressure for organizations to manage compliance risk grows. To meet the demand for greater compliance risk management and value for corporate stakeholders, compliance professionals must be sure they have a thorough understanding of their compliance obligations and potential vulnerabilities.