Synopsys is proud to announce that Seeker® IAST won the CybersecAsia 2020 award for Best Cloud and Web Application Security. This award underscores Seeker’s position as an industry leader in functionality and capability, offering best-in-class detection, tracking, and monitoring of sensitive data leakages for today’s modern and complex web, mobile, and cloud-based applications.

It has been an interesting few months for all of us, and perhaps the only ones to have really benefited are the bad guys. With people on the edge for the latest news, and for those countries where governments have quickly setup public health alerting often quickly with little opssec planning, the doors are open for many opportunities for crooks to cash in – and they have. Needless to say, if you are here, then you probably already know the value of checking before acting right?

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8563 if you created a Kubernetes cluster over vSphere, and enabled vSphere as a cloud provider with logging level set to 4 or above. In that case, your vSphere user credentials will be leaked in the cloud-controller-manager‘s log.

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

Security log management is the process of collecting, storing, and correlating the network data that details all activity in your systems and networks. Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. The Center for Internet Security (CIS) identifies log management as a basic control for detecting malicious actors and software hiding in networks and on machines.

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October 10th.

As the number of known vulnerabilities continues to grow every year, software development and application security teams are increasingly relying on vulnerability detection tools throughout development. The result: teams are often overwhelmed with a steady stream of security alerts that must be addressed, and it’s becoming clear that it’s impossible to attempt to fix everything.

A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that can not only be applied to computer security, but also to ordinary people in our everyday lives.

Egnyte is used by our customers as a unified platform to govern and secure billions of files everywhere. As the amount of data stored is huge, customers want to search their dataset by metadata attributes like name, user, comments, custom metadata, and many more, including the possibility to find files by content keywords. Taking all of that into consideration, we needed to provide a solution that is able to find relevant content in a fast and accurate way.

With an escalating cybersecurity threat risk that doesn’t appear to be slowing down, the Department of Defense (DoD) has taken proactive measures in creating the Cybersecurity Maturity Model Certification (CMMC). The CMMC will soon be a requirement for any defense contractors or other vendors that are, or wish to be, working with the DoD .