Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Barak Engel Lightning Interview

Welcome to the third installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.

API Security: 200 is Not Always Okay, and How to Cope with This

While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

PROXY.AM Powered by Socks5Systemz Botnet

A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.

Protecting Your Business from Web Scraping as a Service

Since the early days of the World Wide Web, automated scripts known as bots have been crawling cyberspace, collecting data for various purposes. Initially, these bots were designed to be helpful, cataloging information much like search engines such as Google and Bing do today. However, the volume of automated requests has grown significantly. Today, bots account for a substantial portion of web traffic, costing businesses considerable resources to handle unwanted or malicious requests.

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.

New NIST Guidelines: Rethinking Passwords

The National Institute of Standards and Technology (NIST) issued a new perspective on password management policies, recognizing that many traditional practices used to ensure password security are no longer effective. The suggested practices to eliminate include not requiring periodic password changes, reducing restrictions on special characters, and discontinuing the use of security questions for account recovery.

5 Secrets of a SOC Leader Turned Field CISO

Torq is thrilled to have Patrick Orzechowski (also known as “PO”) on board as our new Field CISO, bringing his expertise and years of experience as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. By way of introduction, below he shares his five top pieces of advice for SOC leaders facing today’s security challenges.

How to Hide & Disable default WP Login form? | WordPress SSO Security

Say Goodbye to Login Hassles with WordPress SSO! Tired of remembering multiple passwords on your WordPress site? With miniOrange's Hide and Disable WordPress Login feature, you can completely hide the default login form and implement a Single Sign-On WordPress option with your preferred Identity Provider. This game-changing solution not only simplifies access but also elevates your WordPress admin login security.