Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Influencer marketing is set to be worth $13.8 billion by the end of 2021, rising from $9.7 billion since last year. With many people working from home during the pandemic, monetizing a social media following by creating sponsored posts for brands has become a popular side hustle. This can be seen by the rapid growth of emerging platforms, particularly TikTok which saw over 2 billion downloads in 2020 and a 45% increase in its use by influencers in 2021 to date.

But, as we explored in the first of this two-part series, there are limitations to using the out-of-the-box rules which form part of the technology. In this blog post, we explore how to customise rules, the rule development process and the role of Sigma.

I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.

In today’s cloud-native, app-first and remote-first world, it has become a considerably more complicated task to verify the identity of a user or a service, and determine policies that say what they are and aren’t allowed to do. Yet, the first half of that problem, authentication, for the most part, is already solved because of standards like Security Assertion Markup Language (SAML), OAuth and Secure Production Identity Framework for Everyone (SPIFFE).

Detectify is driving the future of internet security with automation and crowdsourcing hacker research. It’s focused on helping companies detect anomalies in their web attack surface at scale, and creative automated hacks in the web app layer in time.

John Laban is the Founder & CEO at OpsLevel. This blog post originally appeared on the OpsLevel blog. Snyk is rapidly becoming the de facto standard for businesses that want to build security into their continuous software development processes. And with their developer-first tooling and best-in-class security intelligence, it’s no surprise.

In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation can be is important. Insecure deserialization can lead to arbitrary code executions if a gadget chain is created from your classpath classes.

There’s a shift in the world of DevOps. It is no longer enough to create applications and just launch them into the cloud. In a world where entire businesses can exist online, securing your digital assets is as important as creating them. This is where DevSecOps comes in. It is the natural progression of DevOps — with security being a focus as much as the process of creating and launching applications.

67% of the malware downloads Netskope blocks come from popular cloud applications being abused by attackers. One of the services commonly abused by threat actors is Discord, which is abused to host malware such as TroubleGrabber using public attachment URLs. In this blog post, we will analyze a recent DBatLoader (a.k.a. ModiLoader) sample that uses this technique on Discord to deliver a malware known as Warzone (a.k.a. Ave Maria), a Remote Access Trojan created in 2018.

Before I joined the security industry, I was an end user. Coming in with that first-hand experience equips me to talk about secure remote access from multiple perspectives: as a vendor and as a practitioner. This lets me see the technologies available and also understand the drivers and issues engineering orgs face adopting them, particularly with onboarding engineers. I’ve been a support engineer for over 20 years, across Operations and System & Database Administration.