Teleport will be live at re:Invent from Nov. 30-Dec. 2. If you are there, please stop by Booth 718 and talk to me and the Teleport team about how we can improve your security and compliance of apps running on AWS. If you can’t make it in person, here is my top 10 list of things you should know about AWS and Teleport. Check out our Teleport on AWS page for more info.
Tuesday, November 30th, is National Computer Security Day. Although this special day has been around since 1988, many people are not only unaware of it, but are still also unaware of some of the basic security required for protecting their computing devices. The rise of remote work has stretched the security perimeters of all corporations, and fortunately, there are products, such as Tripwire Enterprise that can help them to protect the organization, from the full computing systems, to data storage.
Threat actors are constantly evolving their tactics and techniques in the attack lifecycle and infiltrate company infrastructure. While most organizations are already performing vulnerability management based on CVEs by MITRE, few have considered the powerful correlations between threat intelligence, CVEs and the ATT&CK® framework. In this blog we highlight the benefits of bringing them together to drive focused remediation and improve cyber defense.
The US Cybersecurity and Infrastructure Agency (CISA) has issued a directive to federal agencies and other public bodies requiring them to take steps to reduce their risk of exploited vulnerabilities. CISA highlights the startling finding that hackers are exploiting up to 290 different vulnerabilities in these agencies.
At our recent Data Security Summit, Bipul Sinha sat down with author and award-winning The New York Times cybersecurity journalist Nicole Perlroth to discuss learnings from her research and thousands of interviews with security leaders, government officials, hackers, spies, and more.
The real risk of business disruption, brand damage, and potential liabilities caused by ransomware attacks has elevated cybersecurity from a technical or operational issue normally handled by security teams, to a major Board level priority and discussion. Even the most sophisticated and mature organizations that once believed their cybersecurity defenses were robust are now rethinking their preparedness and response capabilities required to address the imminent threat of ransomware attacks.
Cyber Monday and the holiday shopping season are around the corner: don’t be the victim of an online shopping scam or cyber security breach. Cyber Monday is here, and the holiday shopping season is in full swing. With some of the world’s biggest brands vulnerable to a Magecart attack, you can’t be too careful with your credit card information.
An enumeration attack is when cybercriminals use brute-force methods to check if certain data exists on a web server database. For simple enumeration attacks, this data could include usernames and passwords. More sophisticated attacks could uncover hostnames, SNMP, and DNS details, and even confirm poor network setting configurations. Every web application module that communicates with a user database could potentially become an enumeration attack vector if left unsecured.
In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data.
