2021 is a significant year for aviation. It marks the 20th anniversary of the 9/11 attacks, the worst acts of unlawful interference in the history of aviation. It is also the Year of Security Culture for the ICAO community, which aims to enhance security awareness and foster a security culture throughout the industry.
When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.
Service mesh technology emerged with the popularization of microservice architectures. Because service mesh facilitates the separation of networking from the business logic, it enables you to focus on your application’s core competency. Microservice applications are distributed over multiple servers, data centers, or continents, making them highly network dependent.
Detectify is helping tech organizations bring safer web products to market by providing crowdsourced, cloud-based, continuous web app security. Here’s a buyer’s guide on how you can get scaleable application security in 2021 and beyond. There are so many appsec tools out there with the same features. It’s hard to see value clearly amongst all the noise.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. While the sensitive security documents were reported as lost, the published reason as to why saying it is not know sounds rather suspicious. I fully expect this will be brushed under a bush somewhere – much like the documents.
With the constant rise of modern cyber threats, many businesses are aiming for zero-trust infrastructure to keep themselves and their customers safe. But a zero-trust environment, where only authorized people can access information and resources, is often more difficult to implement than anticipated. If security teams and network engineers cannot visualize the network and its possible traffic paths and behaviors, they can’t possibly secure the environment.
Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away. These scam techniques often exploit our characteristics and heuristics, or things that make us human and fallible.
Users with privileged access to an organization’s systems and networks pose a special threat. External threat actors often target privileged accounts using phishing schemes and social engineering techniques, since gaining control over these credentials helps them move more freely inside the network. Moreover, people sometimes misuse their own privileged accounts; this type of cyberattack takes the longest to discover, according to the Verizon Data Breach Investigation Report.
For our latest expert interview on our blog, we’ve welcomed cybersecurity specialist Tom Kirkham to share his wealth of experience on the topic of cybersecurity. Tom is the founder and CEO of IronTech Security, a managed security service provider (MSSP) that focuses on educating and encouraging law firms, court systems, water utilities, and financial firms to establish a security-first environment with cybersecurity training programs for all workers to prevent successful attacks.
