
Security

Your Log4shell Remediation Cookbook Using the JFrog Platform

Last week, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Five worthy reads: Congratulations! You have just been socially engineered

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about social engineering, its types, its evolution, and how to avoid falling victim to a social engineering attack. Kevin David Mitnick is considered one of the most famous social engineers among the IT community. Kevin is now a top cybersecurity speaker and a best-selling author.

What is supplier due diligence?

Supplier due diligence is an action taken by an organisation to identify and understand the credibility and suitability of a prospective partner or vendor. Conducting supplier due diligence can help guide decision-making when choosing the right vendor, detect risks with potential suppliers and protect customer data in the process. It's also considered good business practice and can help mitigate future financial and reputational damage caused by a data breach.

Has the pandemic increased the burnout rate in the Cybersecurity profession?

In the last 18 months, many people have learned a lot about themselves. The solitude of lockdowns, isolation, remote work, and seemingly endless video meetings have taxed everyone’s mental health. One would think that cybersecurity would have been unaffected by these shifts in working environments and habits. After all, many of us are introverted by nature, which is one of the reasons often cited as why we gravitated towards technology as our chosen path.

DevSecOps and Data Engineering

As security shifts left in the DevSecOps approach, it brings with it a re-examination of the full SDLC. This matters not only for security policies and application handling, but also for protecting infrastructure, data and the end-user application experience. In this Snyk Live episode we are joined by Saman Fatima, who shares her experiences with security practices and approaches, looking at DevSecOps practices such as IAM and how security can be applied to data engineering.

Hangin' with Haig: Conversations Beyond the Keyboard with Guest cyber threat hunter, Jessica O'Bryan

ThreatQuotient's Director of Alliances, Haig Colter, assumes the role of host in our series Hangin’ with Haig: Conversations Beyond the Keyboard. In our upcoming episode, we welcome Jessica O’Bryan, Cyber Threat Intelligence & Threat Hunt Development Lead for the Cyber Security Operations Center (CSOC) at Viasat. Haig will dive into Jessica’s journey in the cybersecurity industry and her love for rock climbing and surfing. In order to follow her passion for the outdoors and sports, Jessica has traveled throughout the west coast in a camper. Join us and listen in on Jessica's incredible adventures.

SecurityScorecard Finds Log4j Active Exploitation from Nation State Actors

There's little question that you've already heard about the recently discovered security flaw in Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to achieve remote code execution (RCE) on nearly any machine running a vulnerable version of Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j vulnerability and what organizations can do to combat it.