Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For folks who are responsible for threat detection of any kind for their organizations, the cloud can often be a difficult area to approach. At the time of writing, Amazon Web Services contains over two hundred services, while the Azure cloud offers six hundred. Each of these services can generate unique telemetry and each surface can present defenders with a unique attack path to handle. Adding to this complexity is the diversity of cloud workload configurations, as well as varying architecture models.

BMO Bank is the 8th largest bank in the United States, employing over 12,000 individuals. The bank manages more than $3 Billion in annual reserves and works with a huge number of customers as it has over 1,000 physical locations across the country. BMO Bank is based in Chicago, Illinois, but has locations throughout the country. If you bank with BMO, your data may be at risk, because the organization was recently hacked and lost a significant amount of customer data.

Risk mitigation is at the heart of cybersecurity. By connecting to the Internet, implementing upgraded IT systems, or adding a new vendor to your organization, you are automatically exposing your business to some level of cyber risk. With outsourcing on the rise and a growing reliance on vendors who are processing, storing, and transmitting sensitive data, assessing and mitigating risk is becoming increasingly important.

Enterprises implementing containers and Kubernetes in either corporate datacenters or cloud environments typically employ Checkpoint Quantum to secure traffic between their datacenter networks and Checkpoint CloudGuard to safeguard their cloud resources. Often these network security perimeter focused solutions are also used to scrutinize traffic originating from Kubernetes clusters.

Back in 2019, OWASP released its first API Top-10 list. It quickly gained widespread acceptance and acknowledgment from the industry about the challenges faced in protecting APIs. Since then, growth in APIs has continued, and the threat landscape also evolved rapidly. OWASP has released an updated API Top 10 2023 with quite a few changes from 2019 to address the changes and provide new insights and recommendations.

Originally published June 1, 2022 In mid-2022, Forescout Research – Vedere Labs developed R4IoT, a proof-of-concept that showed how IoT devices could become entry points for IT and further OT ransomware attacks. The original blog post, below, explains how we came to create R4IoT and why. Our 2023H1 Threat Review included ample evidence that cross-device attacks like R4IoT are now a reality.

On the one hand, your sales department is pushing for new features at an alarming rate, forcing you into faster deployment processes. On the other hand, you have the looming threat of millions of dollars in damages if your security is breached. Software development is all about finding the middle ground – if you can’t compromise on either side, what should you do?

From the inception of the Internet, data security has become a paramount concern.

In the digital age, Android vulnerability scanners, or as some may call them, android app vulnerability scanners, have become an essential tool for maintaining the security of mobile applications. Given Android’s substantial mobile OS market share, it’s a prime target for cyber threats.

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source Intelligence (OSINT) research findings, and exploitation of vulnerable buckets and domains. I published this research internally on February 3, 2023, and here are my findings. Today, I will share with you how deleted S3 buckets could become a liability or threat to your organization and highlight the importance of cybersecurity in data and asset management.