%term

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Mar 22, 2019 By Veriato In Veriato

Malicious and accidental insiders alike have drawn renewed attention to the Insider Threat. Patrick Knight of Veriato offers new insight on the scale of the problem and how to tackle it.

View Video

Veriato

Read more about Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Mar 21, 2019 By Detectify In Detectify

Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.

View Video

Detectify

Read more about Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

Mar 21, 2019 By Detectify In Detectify

Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks. In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.

Read Post

Detectify

Read more about Apache Struts Vulnerabilities

When Is a Data Breach a Data Breach?

Mar 21, 2019 By Tripwire Guest Authors In Tripwire

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps and vulnerabilities. But that doesn’t mean they have been exposed or attacked yet.

Read Post

Tripwire

Read more about When Is a Data Breach a Data Breach?

Five ways AI is being used in the cybersecurity industry

Mar 21, 2019 By Veriato In Veriato

At a point in time, smart devices and robotics were common elements in the storyline of futuristic fictional novels. Today, those concepts are the modern norm across the technology industry. Similarly, in cybersecurity, pioneering professionals held on to seemingly far-fetched dreams where logs were easy to analyze, and false positives didn’t exist. While these challenges still exist, artificial intelligence (AI) is making these once far-fetched dreams the new norm in the security industry.

Read Post

Veriato

Read more about Five ways AI is being used in the cybersecurity industry

Devo for The Modern SOC

Mar 20, 2019 By Devo In Devo

SecOps professionals must draw insight from both traditional security data and business data to effectively secure the enterprise. With Devo, you can enable your analysts with the visibility, speed, and practitioner-led workflows they need.

View Video

Devo

Read more about Devo for The Modern SOC

Is the Private or Public Cloud Right for Your Business?

Mar 20, 2019 By Tripwire Guest Authors In Tripwire

It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of their infrastructure. But if you are going to add cloud services to your company, you will need to choose between the private cloud and the public cloud.

Read Post

Tripwire

Read more about Is the Private or Public Cloud Right for Your Business?

The Myth of a Single Container Security Solution

Mar 20, 2019 By Christopher Liljenstolpe In Tigera

A proper container security strategy involves evaluating all components in the system.

Read Post

Tigera

Read more about The Myth of a Single Container Security Solution

Big Data in Auditing and Analytics

Mar 20, 2019 By Karen Walsh In RiskOptics

As organizations seek to evolve their risk management strategies to drive stronger compliance programs, they increasingly seek to automate their compliance documentation. In cybersecurity, however, traditional data collection methods fail since cybercriminals continuously evolve their threat methodologies.

Read Post

RiskOptics

Read more about Big Data in Auditing and Analytics

The NIST cybersecurity framework (CSF) and what it can do for you

Mar 19, 2019 By Carisa Brockman In AT&T Cybersecurity

The NIST Cybersecurity Framework (CSF) has only been around for four years and while developed for critical infrastructure, resulting from Executive Order 13636, it has been widely adopted across both private and public sectors and organizational sizes. It is used inside of the US government, with 20 states using it (at last count).

Read Post

AT&T Cybersecurity

Read more about The NIST cybersecurity framework (CSF) and what it can do for you

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Defending Against Malicious and Accidental Insiders - ISMG Interview At RSA Conference 2019

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Apache Struts Vulnerabilities

When Is a Data Breach a Data Breach?

Five ways AI is being used in the cybersecurity industry

Devo for The Modern SOC

Is the Private or Public Cloud Right for Your Business?

The Myth of a Single Container Security Solution

Big Data in Auditing and Analytics

The NIST cybersecurity framework (CSF) and what it can do for you

Monthly Archive

Follow Us