Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2010. This surge eclipsed the total number of attacks against organizations’ industrial environments that had occurred over the previous three years combined.

Parsley Health's innovative patient care includes protecting PHI with Nightfall

Parsley Health launched in 2015 as a new approach to healthcare: a focus on holistic health with a hybrid care model of online and in-office visits. Members pay a flat monthly fee to gain access to doctors and health coaches that help manage chronic health concerns like hormonal imbalances and autoimmune disorders. With medical care including labs and doctor visits combined with lifestyle coaching and nutrition support, people can have flexible tools to maintain a healthy lifestyle.

Solving alias_method and prepend Conflicts in Our Ruby Agent

One way that we monitor API calls from within our customer’s applications is through our agent. The Bearer Agent hooks into every API call in order to read the request, read the response, and in some scenarios act upon that information. The agent replaces methods in the HTTP clients with instrumented versions that call the original methods.

The First Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the first in a series of blog posts that will introduce the four steps and highlight some of the most important concepts.

The First Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the first in a series of blog posts that will introduce the four steps and highlight some of the most important concepts.

Stories from the SOC - Multi-layered defense detects Windows Trojan

Malware infections are common and are often missed by antivirus software. Their impact to critical infrastructure and applications can be devastating to an organization's network, brand and customers if not remediated. With the everchanging nature of cyberattacks, organizations need a layered security strategy. They shouldn’t depend solely on a single layer of security to keep them protected.

OWASP API Security Top 10 (With examples & fixes)

The OWASP, stands for The Open Web Application Security Project, is a non-profit foundation that works to improve application security by listing guidance such as top OWASP API security vulnerabilities and their prevention. Through community-led projects globally, it is a great source for tools, resources, education & training for developers and technologists to secure the web and mobile applications.

Detectify Security Updates for November 16

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Sysdig extends image scanning to Google Cloud's Artifact Registry

In support of modern application development built on CI/CD, containers and open source, Google Cloud launched Artifact Registry (now generally available), a new artifact management solution. Sysdig helps DevOps teams using Artifact Registry confidently secure the build pipeline with comprehensive image scanning that identifies container vulnerabilities and misconfigurations to reduce risk.