Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecOps

Automated Developer-First Security: Our Partnership with Snyk

Today’s developers move at increasingly rapid speed – making it more critical than ever to identify and resolve code vulnerabilities early in the software development lifecycle. By tackling security early – instead of waiting until testing and deployment – engineering teams can reduce unnecessary patching and maintenance cycles, reduce risks, and ensure timely delivery of new features.

7 Cybersecurity Best Practices Financial Firms Should Live By

According to the 2021 IBM X-Force Threat Intelligence Index , the finance and insurance industry sector experienced the most cyber attacks for the fourth year in a row. It’s no mystery why: Hackers go where the money is. And according to Verizon's 2021 Data Breach Investigations Report (DBIR), financial gain was the most common motive in data breaches across all industries: 93 percent of breaches involving companies with fewer than 1,000 employees were financially motivated.

5 Common Ways You're Putting Your Company's Cybersecurity at Risk (and How to Do Better)

As the attack surface expands and cyber threats continue to evolve, most organizations make security awareness training a key part of their cybersecurity programs. Especially now with growing evidence that social engineering tactics reap big rewards for bad actors and cataclysmic outcomes for enterprises of every size. To wit, a study has found that 88% of all data breaches involve mistakes by employees.

How to Automate Intune Device Reports with Torq

Whether for managing remote teams, supporting ‘bring your own device’ (BYOD) policies, or simply another layer in a data protection strategy, services like Microsoft Intune offer greater control over the devices on your network. But using the data from these services often requires tedious prep work, and this process is likely repeated multiple times a week, if not daily. Tedious, repetitive, structured: these are all signs that a process can and should be automated.

Outsourcing your SOC

With businesses constantly at risk of cyber threats, leveraging a Security Operations Centre (SOC) is one way for organisations to proactively monitor and manage their threat landscape. Whether it’s in-house or outsourced, a SOC can help companies implement a process-driven security framework that secures business information against the constant threat of a cyber attack.

How Legal Organizations Can Address The Evolving Threat Landscape

Of the many industries attracting threat actor attention, the legal sector is gaining heightened interest from run-of-the-mill cybercriminals and nation-state actors alike. In late February, the State Bar of California disclosed that it experienced a breach allowing access to thousands of case records and case profile data, along with confidential court records.

Critical Authentication Bypass Vulnerability in VMware Products - CVE-2022-22972

On Wednesday, May 18, 2022, VMware published an advisory (VMSA-2022-0014) to address multiple vulnerabilities, including CVE-2022-22972, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This vulnerability was assigned a CVSSv3 score of 9.8, making it a critical vulnerability.

Latest Features Enhance Workflow Creation, Add Modern Controls

The consensus on the state of cybersecurity professionals tends to fall somewhere between “burdened by high volumes of responsibility” and “dangerously understaffed and suffering from unhealthy levels of stress,” depending on how optimistic your source is.

Critical Unauthenticated RCE Vulnerability in Zyxel Firewalls - CVE-2022-30525

On Thursday, May 12, 2022, Zyxel released a patch advisory for an unauthenticated remote code execution (RCE) vulnerability in their line of Firewall products tracked as CVE-2022-30525. The exploitation of this vulnerability can allow a threat actor to modify specific files and execute code remotely on a vulnerable appliance. Proof of Concept (PoC) exploit code for this vulnerability has been made publicly available via multiple sources.