Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Separating Hype from Reality in HRM

Human risk management (HRM) has become a more established category in recent years. This development signals a crucial shift towards enabling security teams to accurately quantify and manage workplace risks. With the rise of HRM, a variety of new technologies have also emerged on the market. However, how do you navigate the sea of buzzwords and shiny promises to pick the solution that's right for you?

Managed security service provider (MSSP): Everything you need to know

The security and compliance landscape is ever-evolving, meaning the demands organizations need to meet today can change rapidly. While most IT teams have defined processes to handle these requirements, they may not have the capacity to address all the tasks necessary to maintain the organization’s security posture. ‍ If your organization has encountered a similar situation before, appointing a managed security service provider (MSSP) can be a solution.

Sysdig 2024 Global Threat Report

We know that cloud attacks happen very quickly. Our 2024 global threat year-in-review, the third annual threat report from the Sysdig Threat Research Team (TRT), revisits the team’s hottest findings from the last 12 months and explores how they relate to the broader cyber threat landscape. This year’s report also includes informed predictions about 2025’s security outlook and potential trends.

Alternative to Apple Cloud Storage: Finding the Best Option for Privacy

Last year, Apple sold 234.6 million iPhones, knocking Samsung off the top spot as the most-sold mobile device since 2010. Each Apple device sold has a default Apple cloud storage plan, iCloud, which offers 5GB of free storage as standard for iPhones, iPads, Macbooks, and iMacs. As Apple's default cloud storage, many may wonder if it is right for them based on needs such as file sharing, backups, accessibility, storage size, security, and privacy.

Update: Broadcom Releases Fix for Incomplete Patch of Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation (CVE-2024-38812)

On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the initial patch from September did not fully resolve the issue. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to RCE.

Web Application Security for DevOps: Site and Origin Dynamics and Cross-Site Request Forgery

This is a continuation of the series on web application security. If you haven't already read through part 1, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: how do browsers know which site set the cookies in the first place? And what constitutes the same site?

Attributes and Types of Security Testing

Security testing aims to find vulnerabilities and security weaknesses in the software/ application. By subjecting the software or application to controlled security scenarios, cyber security testing ensures that the system is adequately prepared to withstand attacks and unforeseen failures. Security experts and testers use different types of security testing to identify potential threats, measure the probability of exploitation of vulnerabilities, and gauge the overall risks facing the software/ app.