Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Live Hacking: Find Vulnerabilities in Your Apps Before Hackers Do

Dec 20, 2021 By Snyk In Snyk
As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?
View Video

The CrowdStrike Falcon OverWatch SEARCH Threat Hunting Methodology

Dec 20, 2021 By CrowdStrike In CrowdStrike
The CrowdStrike®️ Falcon OverWatch™️ team is one of the industry’s most sophisticated threat hunting teams, responsible for continuous hunting across a massive global data set. Key to the team’s success is OverWatch’s carefully tuned methodology, SEARCH, which supplies the framework needed to balance the people, process, and technology, providing successful threat hunting results every minute of every day and leaving the adversary nowhere to hide.
View Video
CrowdStrike

CrowdXDR Alliance Expands to Help Security Teams Identify and Hunt Threats Faster

Dec 20, 2021 By Anne Aarness In CrowdStrike

CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance. The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet of Things (IoT) solutions.This best-of-platform approach to XDR will help solve real-world productivity challenges that security teams face by empowering them to identify and hunt threats at accelerated speed and scale.

Read Post
Snyk

Snyk makes it easier to fix Log4Shell with extended free scans

Dec 20, 2021 By Simon Maple In Snyk

Due to the recently discovered Log4Shell vulnerability, and to support the tremendous effort being mounted by the community to address it, we are happy to announce that we are increasing the free test limit in Snyk Open Source! This means that any developer, no matter the company or project, can now use Snyk Open Source to find and fix Log4Shell with double the number of free tests, whether it’s within your IDE, your Git repositories, CI environments, or using the Snyk CLI.

Read Post

Using Arctic Wolf's Open Source Log4Shell Detection Script

Dec 20, 2021 By Arctic Wolf In Arctic Wolf
After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, Arctic Wolf’s Log4Shell Deep Scan is now publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
View Video

Advanced Custom Fields

Dec 20, 2021 By Netskope In Netskope
Advanced concepts in custom measures. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.
View Video
netskope

Security Service Edge (SSE) Considerations for the Future of Work

Dec 20, 2021 By Tom Clare In Netskope

As we all learn how to practically apply the emerging technology of Secure Service Edge (SSE), here is a significant SSE use case—perhaps the most significant, at least in our immediate future. Looking ahead to 2022, many businesses will no doubt have return-to-office plans at the front of their minds. But coming back to the office brings its own unexpected risks that security leaders need to be ready for.

Read Post
netskope

CVE-2021-45105: New DoS Vulnerability Found in Apache Log4j

Dec 20, 2021 By Gustavo Palazolo In Netskope

Just a few days after CVE-2021-45046 was released and fixed, a third zero-day vulnerability was discovered in Apache Log4j, tracked as CVE-2021-45105. The bug was reported on December 15, 2021, and disclosed on December 18, 2021. This third vulnerability has received a CVSS score of 7.5 out of 10, whereas the first one known as Log4Shell (CVE-2021-44228) received the maximum CVSS score of 10 due to its criticality.

Read Post
teleport

Passwordless Remote Access to Windows Servers and Desktops

Dec 20, 2021 By Sakshyam Shah In Teleport

During my time as a penetration tester, I’ve seen many IT teams storing server catalogs with respective IP addresses and passwords in a sharable Excel sheet. This is more so true in windows server infrastructure as many organizations resort to password-based auth for local and remote access. Of course, security-conscious organizations would use a password vault. But in any case, password storage in any form is often an Achilles heel in infrastructure security.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.