Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Tsippi Dach explores some notable breaches caused by mis configuration s and how organizations can avoid becoming the next big headline.

According to Microsoft, Zero Trust is now ‘the top security priority’ for 96% of the interviewed security decision makers, while 76% were currently in the process of implementation. 90% of those interviewed stated that they were ‘familiar’ with Zero Trust and able to pass a knowledge test. The nature of this test and the appropriate right answers weren’t provided.

As cyber threats continue to evolve, investing in generic services and off-the-shelf products leaves organisations exposed by failing to deliver the specific outcomes they need. Repeating these investments each year means that the level of security never truly improves, as attackers effectively invest more than the defenders.

Since organizations around the globe began investing more aggressively in their digital transformation by migrating and modernizing applications within the cloud, the value of audit logging has shifted. It has expanded from industries like finance and healthcare to nearly any company with a digital strategy.

WannaCry malware was first discovered in May 2017 and a patch was released roughly two months prior to its public release. However, 230,000 computers were globally affected by WannaCry as of 3/31/2021. It is unfortunate to hear, but many companies remain vulnerable to this attack due to unpatched systems. We often see that by the time some companies update their systems, they have already experienced a breach.

We’re kicking off a new series of blogs featuring some of the best live and recorded content from our consultants with Alex’s ‘The Kill Switch’ talk as seen at the Future of Cybersecurity Event. Alex talks us through a hackers methodology. Focusing on threat sources, threat actors and how to analyse said threats. He then walks through the methodology known as ‘The Kill Chain’.

CISA recently advised U.S. business leaders to protect their companies from destructive malware that has been seen targeting Ukraine. This emphasizes the importance of having the right technologies in place. The automated detection and protection capabilities of the CrowdStrike Falcon platform protect customers from this malware, provide them with visibility into their environments and allow for intelligent monitoring of cloud resources.

Strong, resilient security operations require the proper melding of people, technology, and processes to achieve the goal of reducing the likelihood and impact of cyberthreats. The right security operations center (SOC) will strengthen the overall security resiliency of an organization. The wrong one will tax your team—leading to mistakes, breaches, and losses.

Due diligence is one of the most important steps before starting a partnership with a third-party business, as it reveals any hidden risks or vulnerabilities that could harm your network. In this blog, we will define third-party due diligence, explore the benefits of conducting cybersecurity due diligence, and describe how to get started.

On Jan. 18, 2022, researchers found a heap base buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privilege to root, bypassing any Linux namespace restrictions.