Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

14 Cybersecurity Metrics + KPIs to Track

When it comes to protecting sensitive data, preventing data breaches and detecting cyber attacks, you need a way to track whether you're meeting your goals. Key performance indicators (KPIs) are an effective way to measure the success of your cybersecurity program and aid in decision-making. According to PwC, just 22 percent of Chief Executive Officers believe their risk exposure data is comprehensive enough to form decisions. A figure that - alarmingly - hasn't changed in 10 years.

Ignyte UFCU testimonial video

University Federal Credit Union is a #diverse, member-owned cooperative that seeks to bring about #human and social development in full #accordance with International Credit Union Operating Principles. Laura Rea, Senior Manager Assurance Services at UFCU and the #Supervisory Committee were looking for a way to #tie together the #disparate security components and #review them collectively for a better look at the organization’s overall #security posture.

Android Banking Trojans: History, Types, Modus Operandi

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support service could not help. They advised my friend to report this incident to the police. The money transfers were made using the mobile application and confirmed via SMS. Everything looked like completely legal financial transactions.

Mac system extensions for threat detection: Part 2

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

The top 4 reasons to start monitoring third-party APIs

How resilient is your application? Maybe you've set up a suite of logging tools, an APM, and tests to handle all your own code. What happens when a third-party API goes down? What happens when it stays up, but slows down to the point that your dependent services start to fail? Finding a modern application that doesn't rely on third-party APIs is rare, particularly with the abundance of social login and sharing.

What is the difference between a Vulnerability Assessment & a Penetration Test?

JUMPSEC Jargon Buster - What is the difference between a Vulnerability Assessment & a Penetration Test, Thom explains. Vulnerability assessments typically rely on vulnerability scanning tools to identify technical vulnerabilities making use of pre-configured test cases and signatures. A penetration test takes a contextual view of the target, combining many vulnerabilities and information sources in order to craft specific attacks with the goal of finding security weaknesses. Simply put a penetration test mimiks a skilled attacker, whereas a vulnerability assessment provides a baseline against common known weaknesses.

How does Red Teaming differ from a Penetration Test?

JUMPSEC Jargon Buster - Nikoo explains how Red Teaming differs from a Penetration Test. There are a number of ways that a red teaming exercise differentiate from a pen test. Firstly, the scope of standard penetration test is usually clearly defined with the goal to identify as many vulnerabilities as possible and attempt to exploit them on the stated targets during the engagement.

How to identify phishing emails and what to do

Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message: “Old friends post embarrassing pictures of Jason Nelson online; click here to see.” Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way.

What are the CIS Controls for Effective Cyber Defense?

The CIS Critical Security Controls are a prioritized set of actions for cybersecurity that form a defense-in-depth set of specific and actionable best practices to mitigate the most common cyber attacks. A principle benefit of the CIS Controls are that they prioritize and focus on a small number of actions that greatly reduce cybersecurity risk.

RDS: Do Not Allow COM Port Redirection- The Policy Expert

Do Not Allow COM Port Redirection will determine whether the redirection of data to client COM ports from the remote computer will be allowed in the RDS session. By default, RDS allows COM port redirection. It can be used, for example, to use a USB dongle in an RDS session.