CyRC analysis: Authentication bypass vulnerability in Bouncy Castle
CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
%term
Smoothing the Bumps of Onboarding Threat Indicators into Splunk Enterprise Security
This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).
Top 5 Employee Monitoring Software For 2021
Employee Monitoring is the process of tracking employee activities such as app use, internet browsing, email communications, file transfers etc. An employee monitoring solution allows a business to keep an eye on its users so that they cannot put the organization in harm’s way intentionally or accidentally by leaking sensitive data, sabotage, fraud, theft or other miscreants.
ZenGRC Demonstrates Industry Leadership with 15 Consecutive Quarters of Recognition on G2 Winter 2020 Grid Report for GRC Platforms
SAN FRANCISCO – December 16, 2020 – Reciprocity, the company behind ZenGRC, the industry-leading information security risk and compliance solution, today announced ZenGRC has earned two badges on the G2 Winter 2020 Grid Report. This marks the 15th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report. G2 is a peer-to-peer business solutions review website, leveraging customer feedback to rank the best business software and services.
Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload
Before you start reading the description, please log in to your WordPress Admin panel & update all the plugins. Contact Form 7 version 5.3.1 and below were found to be vulnerable to unrestricted file upload vulnerability. This issue has been reported by security researchers at Astra Security. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed uploadable file types on a website.
Integrate Datadog Compliance Monitoring with your AWS Well-Architected workloads
Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.
2021 Cybersecurity in healthcare
Breaches and cyberattacks are on the rise in the healthcare industry. The recent acceleration of digital technology and connectivity within Healthcare has led to significant patient care delivery improvements, more effective population health management, and better patient outcomes. With this increased technology and connectivity, however, comes increased exposure to cyberattacks that can impact patient care delivery, safety, and privacy.
Wishes Do Come True: Fast Development, Secure Delivery
Organizations re-thinking their software delivery lifecycle are faced with a dilemma: how to speed up the pace of development necessary to surpass their competition, without sacrificing the security of the applications they’re delivering? CI/CD practices and tools have risen up to help meet this need, but fitting legacy applications and security tools into these modern pipelines exposes new gaps that risk slowing release velocity.
Introducing Teleport Cloud | Access Management SaaS | Servers - Clusters - Applications
Teleport Cloud allows you to secure access to your servers, Kubernetes clusters, and Web applications while leaving the operation of your Unified Access Plane to the experts at Teleport. You can still control access to your compute resources anywhere else in the cloud, plugin approval workflows, and use your choice of SSO identity provider. But now you can get your security deployed faster, and you have peace of mind knowing Teleport is continually patched, monitored, and maintained for you.
Recommendations for monitoring SolarWinds supply chain attack with Sumo Logic Cloud SIEM
The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.