Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Weekly Cyber Security News 19/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.

The Importance of Threat Intelligence Feeds

Threat Intelligence Feeds, in fact, are an actionable threat data related to artifacts or indicators collected from any third-party vendors in order to learn from other company’s visibility and access to enhance your own cyber threat response and awareness. The example of these third-party vendors includes Kaspersky Threat Intelligence and Alient Vault OTX. Threat Intelligence Feeds concentrate on a single area of interest and they are delivered online.

How to Measure Internal Audit Performance

Ever-increasing cybersecurity threats have made data security a staple in all businesses that transmit, manage, or store sensitive data. However, many companies struggle with security when it is time to carry out IT audits. To determine the effectiveness of your risk management program, it is crucial to measure your organization's internal policies against the recommended industry standards and regulatory requirements.

What information does Detectify provide for PCI Compliance Requirement 6?

The Payment Card Industry Data Security Standard (PCI DSS) program provides an information security compliance benchmark for companies that are handling, processing and storing cardholder data online. Software development and vulnerability management are covered in the PCI DSS compliance requirements as this concerns products and applications created to handle cardholder data.

Detectify security updates for 18 April

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Why RBAC is not Enough for Kubernetes Security

Kubernetes isn’t (just) fun and games anymore. It’s being rolled out for production; it’s mission-critical; and all the security and compliance rules and regulations of the old world need to somehow be retrofitted onto Kubernetes. Unfortunately, the old tools for access control like RBAC simply aren’t up to the challenge.

Best Practices with AWS GuardDuty for Security and Compliance

Cloud networks are popular targets for cybercriminals and organizations will inevitably face them. If you’ve ever administered a network of any type, you know that DDoS (distributed denial of service) attack attempts are really frequent, and there’s loads of malware out there too.

Devo recognized in new Intelligent Application & Service Monitoring report

Forrester Research has released The Forrester Wave™: Intelligent Application & Service Monitoring, Q2 2019 report and I am excited to share that Devo has been identified as a Strong Performer. Devo’s recognition as a Strong Performer is, in our opinion, a great validation of our data-first approach.

Workflow Automation For Compliance

The time-consuming, administratively burdensome compliance process is riddled with potential human errors that can lead to violations. As securing data increasingly relies on proving controls’ effectiveness, the compliance becomes more stressful for everyone in the organization. However, building compliance workflow can streamline the process leading to a more cost effect and auditable outcome.

Siegeware and BAS attacks, an emerging threat

As technological solutions to cybercrime become increasingly advanced, able to preempt attacks and weed out vulnerabilities before they’re widely known, attackers also become more adept at cloaking their presence and concealing their intent. The targets of attacks also change with the times.