Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Snyk

Detect and prevent dependency confusion attacks on npm to maintain supply chain security

Sep 13, 2021 By Liran Tal In Snyk

On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

Read Post
detectify

How ethical hacker Frans Rosén deleted your Apple Shortcuts via CloudKit

Sep 13, 2021 By Detectify In Detectify

SHORT SUMMARY: STOCKHOLM, SWEDEN – In February 2021, Detectify co-founder and Crowdsource hacker Frans Rosén was looking for security bugs in Apple services. Noticing that many of Apple’s own apps store their data in public databases on Apple’s data storage framework CloudKit, Frans was curious to know if any specific apps’ data could be modified with access to the public CloudKit containers in which their data was stored. Long story short, they could.

Read Post

DevSecOps Road Trip UK stop - Andrew Martin & Lili Kastilio

Sep 13, 2021 By Snyk In Snyk
Session 1: Threat Modelling Kubernetes Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling!
View Video

Aligning Legal and Information Security - State of Incident Response 2021

Sep 13, 2021 By Kroll In Kroll
The State of Incident Response 2021 surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue, identifying a lack of clarity from information security professionals about when and how to engage legal as part of an incident response. The survey also identified challenges with digital evidence preservation, breach notification readiness, a proper communication process.
View Video

Incident Response Automation Challenges - State of Incident Response 2021

Sep 13, 2021 By Kroll In Kroll
With the volume and sophistication of cyber threats growing, we asked 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue how their organizations are planning to deal with incident response. Nearly all teams plan on automating more of their IR process, but nearly half face headwinds like lack of in-house expertise, lack of proper technology, and lack of bandwidth.
View Video

Cybersecurity Budgets Increasing, But Internal Challenges Remain - State of Incident Response 2021

Sep 13, 2021 By Kroll In Kroll
We surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue and more than half reported increased cybersecurity budgets for next year and that their executive leadership is more aware of cyber threats. However, over 40% report internal obstacles with the adoption of security processes, lack of organization-wide support, and a "bare minimum" approach to security.
View Video

The Role of Managed Detection and Response - State of Incident Response 2021

Sep 13, 2021 By Kroll In Kroll
Internal security teams are overwhelmed by cyber threats and finding seasoned incident response professionals is now harder and more expensive. The State of Incident Response 2021 surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue to learn how managed detection and response vendors are incorporated into their security programs. Over 76% of organizations are relying on a third-party vendor to augment in-house capabilities, and their biggest benefit is delivering faster containment, response, and more automation capabilities.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.