Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The University of Hawaii Maui College is one of ten branches of the Hawaii public university college system. The school is located in Maui and serves more than 2,500 students annually. This public university is one of many that recently suffered from a data breach exposing students to possible identity theft risks.

The Docker developer ecosystem is continuously growing, and container security is becoming even more important as the Docker developer ecosystem evolves. The developer-friendly Snyk security integration with Docker is invaluable in today’s landscape. Snyk has made significant updates to the Docker Desktop Extension and continues to evolve the extension to ensure the applications and images pushed to the container registry don't have critical vulnerabilities.

Privileged accounts are the root of most threat vectors. So, it’s critical to take proper precautions to prevent catastrophic breaches. However, it often takes extra time and effort to fully recognize and mitigate Privileged Access Management security risks that put your organization at risk.

Welcome to the first DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aim to overwhelm Internet services such as websites with more traffic than they can handle, in order to disrupt them and make them unavailable to legitimate users. In this report, we cover the latest insights and trends about the DDoS attack landscape as we observed across our global network.

Last week, on March 31st, NetSPI researchers announced that they found a cross-tenant Azure vulnerability in the Microsoft Power Platform connectors infrastructure, which allowed them to then access “at least 1,300 secrets/certificates in 180+ vaults”. In this article, we set out to analyze the root cause behind this vulnerability, explain its impact, and provide our own recommendations for Power Platform users and administrators.

In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.

Today, we are happy to announce that version 2.2 of the OT Security Add-On for Splunk is now available on Splunkbase. This update adds capabilities based on industry best practices and customer feedback and is designed to help companies mature in their OT security journey.

The rumors are true: it can get lonely at the top. As a CISO, I have many teams below me, a board of directors to keep happy and an organization to protect. This is nothing new, and at this stage of my career, I’ve become familiar with the many challenges — and even greater rewards — that go hand in hand with leading. Of course, it helps that I’ve been managing from the jump.

A vulnerability is any flaw or weakness within the technology system that cybercriminals can exploit to gain unauthorized access to a network, information assets and software applications. For any organization today, there are plenty of vulnerabilities. Knowing where and how vulnerabilities can exist, you can start to get ahead of them. So, let’s look at the 5 most important types of vulnerabilities.