Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Bots have been in the news a lot lately. Before committing to the Twitter takeover, Elon Musk cited huge bot numbers as a hurdle in completing the deal. Social media bots have also been blamed for interfering in elections and other political processes in recent years. Despite the current focus on bots, they’re not a new phenomenon. Bots have been around for decades — and some have caused serious damage to businesses around the world.

During the pandemic, approximately 60% of full-time and part-time employees in the U.S. worked remotely. Firms weren’t ready for their employees to work remotely, but many employers quickly realized the benefits of remote work. As remote work became more common, the number of cyber criminals increased drastically. IT professionals have never been more cautious with their work security.

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.

For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.

Hack weeks and hack-a-thons are like foosball tables; if you don’t have them, are you even a tech company? These events, once revered for innovation, are now relegated to being blasé and often perceived as little more than playtime for engineers. As someone who’s worked in tech for longer than I care to admit, I had started to ignore them - until I came to Forward Networks.

The Medibank hack began with the theft of credentials belonging to an individual with privileged access to Medibank’s internal systems. These credentials were sold and purchased on the dark web by an unconfirmed buyer who used them to gain access to Medibank’s internal system.

The modern approach to application security includes strategies and technologies that help development teams prioritize the vulnerabilities they should address and fix. By giving these teams tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite, got together for a fireside chat to discuss how to implement these strategies.

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

We’ve all heard of the “dark web,” but many of us have no idea what it is and even less of how to access it. The Dark Web, a global challenge to law enforcement, is a region of the World Wide Web accessible only through special software permitting anonymity. Your search engine cannot index the Dark Web’s pages. They are not viewable on your standard web browser, requiring special software or configuration for access.

The length of an average SOC 2 audit depends on a lot of variables, but with Vanta, customers can get a SOC 2 Type I report in weeks, and a SOC 2 Type II report within months. ‍ Audit timelines are difficult to project because each organization has different capabilities, resources, and goals. But after helping thousands of businesses tackle SOC 2 audits, we’ve developed a reliable timeline of what most customers can expect. ‍