Latest News

DragonForce Ransomware - What You Need To Know

Apr 11, 2024 By Graham Cluley In Tripwire

A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web.

Read Post

Tripwire

Read more about DragonForce Ransomware - What You Need To Know

CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Apr 11, 2024 By Reza Ramezanpour In Tigera

Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.

Read Post

Tigera

Read more about CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Equivalency: The Latest FedRamp Memo From DoD

Apr 11, 2024 By Max Aulakh In Ignyte

The Federal Risk and Authorization Management Program has been around for nearly 15 years. In that time, it changed and was updated periodically to keep up with the times. While changes are occasionally made to the underlying security frameworks like FedRAMP, CMMC and the NIST documentation that reviews each security control, there is also communication directly from the Department of Defense and other organizations to issue additional guidance.

Read Post

Ignyte

Read more about Equivalency: The Latest FedRamp Memo From DoD

Nightfall named a "Data Security Solution of the Year"

Apr 11, 2024 By The Nightfall Team In Nightfall

We’re thrilled to announce that Nightfall was selected as the “Data Security Solution of the Year” in the 2024 Data Breakthrough Awards. With enterprises scrambling to stay on the cutting edge of innovation, it’s all too easy to lose sight of data stewardship. In addition to SaaS apps, email, and endpoints, now enterprises must also safeguard their generative AI (GenAI) applications, including both custom and third-party GenAI tools.

Read Post

Nightfall

Read more about Nightfall named a "Data Security Solution of the Year"

DevOps Security Challenges and Best Practices

Apr 11, 2024 By Aranza Trevino In Keeper

Some of the challenges when adopting DevOps security, also known as DevSecOps, are placing too much focus on tools rather than processes, cultural resistance, weak access controls and poor secrets management. While implementing DevOps security comes with its challenges, there are several best practices organizations can follow to make its implementation as effective and seamless as possible, including proper change management, combating secrets sprawl and following the principle of least privilege.

Read Post

Keeper

Read more about DevOps Security Challenges and Best Practices

Hacker Fakes His Own Death To Avoid Child Support Payments

Apr 11, 2024 By Key Dutch In ImmuniWeb

Read also: A former sysadmin sentenced for damaging school's computer network, Russian hacker arrested in Indonesia, and more.

Read Post

ImmuniWeb

Read more about Hacker Fakes His Own Death To Avoid Child Support Payments

Hunting Impacket: Part 1

Apr 11, 2024 By SnapAttack In SnapAttack

Impacket is a collection of Python classes focused on providing tools to understand and manipulate low-level network protocols. This capability enables you to craft or decode packets of a wide variety of protocols such as IP, TCP, UDP, ICMP, and even higher-level protocols like SMB, MSRPC, NetBIOS, and others.

Read Post

SnapAttack

Read more about Hunting Impacket: Part 1

Three Ways To Remove Complexity in TDIR

Apr 11, 2024 By The Graylog Team In Graylog

Gartner identified security technology convergence as one of the key trends both in 2022 and 2023 as a necessity to remove complexity in the industry. Especially for Threat Detection and Incident Response (TDIR), simplification continues to resonate with cyber teams overwhelmed by too many tools and the continuous cutting and pasting from one tool to another.

Read Post

Graylog

Read more about Three Ways To Remove Complexity in TDIR

The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

Apr 10, 2024 By SecuritySenses In SecuritySenses

The digital landscape is no longer a frontier; it's a full-fledged battlefield. As organizations become increasingly reliant on interconnected technologies, their attack surface expands exponentially. Firewalls and antivirus software, the traditional defense lines, are akin to medieval fortifications in the face of modern artillery. To survive in this ever-evolving warzone, organizations need a proactive approach, a way to anticipate and counter threats before they inflict damage. Enter Breach and Attack Simulation (BAS), a transformative tool poised to revolutionize the future of cybersecurity.

Read Post