Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

This year's resolution: remove nosey apps from your device

Some apps are plain greedy—like a stranger you invite for a meal who insists on ordering everything expensive on the menu. Except instead of a rib eye, pasta, and chocolate soufflé, it’s your data they’re collecting. Here’s what you can do to set some boundaries and reclaim your privacy in 2025.

How (and Why) Cyber Attacks are Exploiting the Supply Chain

Your business is a link in one or more supply chains. Your business depends on those who supply to you, and in turn those you supply to (and their customers and their customers’ customers) depend on you. Any disruption at any point affects the flow of goods, services, and information affecting others in the supply chain. It’s important that we understand the risk in our supply chain and the potential risk we pose to our customers, especially cyber-related risk. Why?

Emerging Threat: Apache Struts CVE-2024-53677

CVE-2024-53677 is a critical (9.5) remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework for building Java-based web apps. This vulnerability affects the framework’s file upload logic, allowing attackers to enable paths traversal and perform remote code execution using malicious files.

Cooking up a year of faster, smarter, and tastier security

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a meal that leaves everyone asking for seconds (or at least not asking for the takeout menu).

Nailing a Security Compliance Audit with Teleport with George Chamales & Jason Shropshire

Join Jason Shire (COO of Infusion Points) and George Tal (Secure Systems Architect) as they share valuable insights on implementing security compliance with Teleport. Learn why traditional DIY approaches to compliance often fall short and how Teleport can streamline your compliance journey, from FedRAMP to SOC 2. This talk covers practical solutions for common compliance challenges, including access controls, audit logging, session management, and FIPS requirements. Perfect for security professionals, compliance officers, and engineering teams looking to simplify their compliance implementations.

Key Teleport Connect 2024 Takeaways & Closing Remarks with Ev Kontsevoy

Join Teleport's closing keynote for powerful insights on the evolving landscape of cybersecurity. Learn why identity attacks have become the predominant threat, how increasing technological complexity impacts human capabilities, and why unification of identity management is crucial for modern security. This talk explores the human element of security, the importance of breaking down silos, and the critical role security professionals play in driving organizational change. Perfect for security leaders, IT professionals, and anyone interested in understanding the future of infrastructure security.

Securing Infrastructure in the Age of Identity Attacks with Ev Kontsevoy

Learn why identity-based attacks are now more common than malware attacks and discover practical strategies to secure your computing infrastructure. The talk covers the economics of cybersecurity, the impact of complexity on human error, and proven approaches to reduce your attack surface. With real data from industry surveys, learn how leading organizations are successfully preventing identity attacks through passwordless authentication, cryptographic identities, and infrastructure simplification.

Hardening Infrastructure Security Against SSO Identity Provider Compromise w/ Francesco Lacerenza

Francesco Arena, Senior Security Engineer at doyensec, as he dives deep into protecting your infrastructure against SSO identity provider compromises. Learn how to implement robust security measures in Teleport clusters, understand attack scenarios, and discover practical hardening strategies. This talk covers essential topics like MFA implementation, device trust features, and effective detection & response mechanisms. Perfect for security professionals and infrastructure engineers looking to strengthen their security posture against identity-based attacks.

Secure by Design: A Commitment to Robust Cybersecurity

In an age where cyber threats are increasingly sophisticated and prevalent, organizations must prioritize integrating security into the very core of their technology. Security can no longer be an afterthought or a box to check; it needs to be part of the design and development process from the start.