Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

teleport

SCP - Familiar, Simple, Insecure, and Slow

Jun 18, 2020 By Andrew Lytvynov In Teleport

SCP? It’s that handy file-transfer feature of SSH, right? Well, not quite. It’s more of a hack. Or an undocumented, unstandardized mashup of two protocols. Let’s look at the exciting (and scary) details. Secure Copy Protocol (SCP) allows us to move files (and directories) between two computers. Using it is straightforward: This will copy local_file.txt to another computer (usually a server) with domain name remote_host into the /home directory.

Read Post

Monitoring A Hybrid Workforce, The New Norm

Jun 18, 2020 By Veriato In Veriato
Before Covid-19, there were many reasons why employees worked remotely. For some, it was about removing distractions, and for others, it was about maintaining a healthy work-life balance. But as the world starts to reopen, companies now need to decide whether they continue to allow employees to work remotely or not. According to SHRM, 50% of companies recently surveyed, intend to keep offering a hybrid work arrangement, which means that organizations will need to find ways to monitor and manage employees while they’re in the office or at home. The benefits and challenges of a hybrid workforce Gauging employee productivity and engagement using technology How remote monitoring tools can provide metrics for companies of all sizes
View Video

On-Demand Webinar: Extending Your Fortigate Next-Gen Firewall to Kubernetes

Jun 18, 2020 By Tigera In Tigera
Companies are leveraging the power of Kubernetes to accelerate the delivery of resilient and scalable applications to meet the pace of business. These applications are highly dynamic, making it operationally challenging to securely connect to databases or other resources protected behind firewalls. Tigera and Fortinet have joined forces to solve this operational challenge. With the combination of FortiGate Next-Gen firewalls and Calico Enterprise, you gain full visibility into the container environment and can define fine-grained policies to determine which Kubernetes workloads are allowed to talk to the enterprise’s crown jewels running outside the Kubernetes cluster.
View Video
tripwire

Amazon Web Services Mitigated a 2.3 Tbps DDoS Attack

Jun 18, 2020 By David Bisson In Tripwire

Amazon Web Services (AWS) said that it mitigated a distributed denial-of-service (DDoS) attack with a volume of 2.3 Tbps. In its “Threat Landscape Report – Q1 2020,” AWS Shield revealed that its team members had spent several days responding to this particular network volumetric DDoS attack. In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps.

Read Post
tripwire

Copied master key forces South African bank to replace 12 million cards

Jun 18, 2020 By Graham Cluley In Tripwire

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after – in a catastrophic breach of security – employees printed out the bank’s master key. According to South African media reports, the security breach occurred in December 2018 when a copy of Postbank’s digital master key was printed out at a data center in Pretoria.

Read Post
riskoptics

How to Adjust Business Continuity Plans for COVID-19

Jun 18, 2020 By Sherry Jones In RiskOptics

Your business continuity planning (BCP) and disaster recovery (DR) and response plans may not suffice for the COVID-19 pandemic—or for any pandemic. Let’s face it: Many organizations found themselves woefully unprepared to deal with the effects of the novel coronavirus’s rapid, devastating spread. Many are still struggling.

Read Post
detectify

Detectify security updates for 17 June

Jun 17, 2020 By Detectify In Detectify

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Read Post

Veracode Security Labs: Hands-On Training To Shift Application Security Knowledge Left - Demo

Jun 17, 2020 By Veracode In Veracode
Veracode Security Labs shifts application security knowledge left, training developers to tackle modern threats in the evolving cybersecurity landscape by exploiting and patching real code, and applying DevSecOps principles to deliver secure code on time. Through hands-on labs that use modern web apps written in your chosen languages, developers learn the skills and strategies that are directly applicable to an organization's code. With detailed progress reporting, email assignments, and a leaderboard, developers are encouraged to continuously level up their secure coding skills. When development is empowered to fix security defects and reduce risk, security teams are better supported to scale AppSec programs, meet compliance requirements, and achieve business outcomes.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.