Security

What You Should Know About Ransomware in 2019

Mar 25, 2019 By Veriato In Veriato

It’s estimated that Ransomware costs will climb to roughly $11.5 billion in 2019, according to CSO Online. The frequency of attacks continues to increase as well. According to a report on Ransomware, these attacks occurred once every 120 seconds in early 2016. By 2017 this spiked to an attack occurring every 40 seconds. In 2019, the frequency is expected to grow to an attack happening every 14 seconds.

Read Post

Veriato

Read more about What You Should Know About Ransomware in 2019

Container compliance for Docker and Kubernetes

Mar 22, 2019 By Sysdig In Sysdig

Container compliance for Docker and Kubernetes is an essential part of enterprise security. It’s important for your environments, no matter where they reside, to remain compliant with industry regulation and/or company security policy.

View Video

Sysdig

Read more about Container compliance for Docker and Kubernetes

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Mar 22, 2019 By Harry Perks In Sysdig

This week CVE-2019-3874 was discovered which details a flaw in the Linux kernel where an attacker can circumvent cgroup memory isolation using the SCTP socket buffer. In containerised environments, this has the potential for a container running as root to create a DoS.

Read Post

Sysdig

Read more about Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Weekly Cyber Security News 22/03/2019

Mar 22, 2019 By Kevin In ionCube24

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A news busy week this has been, from a catastrophic malware hit against an global manufacturer to startling breaches from the usual players. Which to pick out then? OK, a wonderful article by Krebs that caught my attention today.

Read Post

ionCube24

Read more about Weekly Cyber Security News 22/03/2019

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Mar 22, 2019 By Veriato In Veriato

Malicious and accidental insiders alike have drawn renewed attention to the Insider Threat. Patrick Knight of Veriato offers new insight on the scale of the problem and how to tackle it.

View Video

Veriato

Read more about Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Mar 21, 2019 By Detectify In Detectify

Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.

View Video

Detectify

Read more about Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

Mar 21, 2019 By Detectify In Detectify

Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks. In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.

Read Post

Detectify

Read more about Apache Struts Vulnerabilities

When Is a Data Breach a Data Breach?

Mar 21, 2019 By Tripwire Guest Authors In Tripwire

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps and vulnerabilities. But that doesn’t mean they have been exposed or attacked yet.

Read Post

Tripwire

Read more about When Is a Data Breach a Data Breach?

Five ways AI is being used in the cybersecurity industry

Mar 21, 2019 By Veriato In Veriato

At a point in time, smart devices and robotics were common elements in the storyline of futuristic fictional novels. Today, those concepts are the modern norm across the technology industry. Similarly, in cybersecurity, pioneering professionals held on to seemingly far-fetched dreams where logs were easy to analyze, and false positives didn’t exist. While these challenges still exist, artificial intelligence (AI) is making these once far-fetched dreams the new norm in the security industry.

Read Post

Veriato

Read more about Five ways AI is being used in the cybersecurity industry

Devo for The Modern SOC

Mar 20, 2019 By Devo In Devo

SecOps professionals must draw insight from both traditional security data and business data to effectively secure the enterprise. With Devo, you can enable your analysts with the visibility, speed, and practitioner-led workflows they need.

View Video

Devo

Read more about Devo for The Modern SOC

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

What You Should Know About Ransomware in 2019

Container compliance for Docker and Kubernetes

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

Weekly Cyber Security News 22/03/2019

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

When Is a Data Breach a Data Breach?

Five ways AI is being used in the cybersecurity industry

Devo for The Modern SOC

Monthly Archive

Follow Us