Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Too many organizations fail to see advanced threats as they make their way into and through their systems. This is partially because organizations have too many tools feeding them more information than their staff can handle, and partially because those tools are siloed off and improperly managed, preventing comprehensive information and complete understanding of what’s happening within an organization’s IT infrastructure.

For many financial institutions and retail businesses, there is a need to balance the risks associated with payment fraud and advanced persistent threats against the economic imperative to provide excellent customer experiences in a competitive market. When good users are mistakenly flagged as fraudsters and can’t access payment services, customers get angry and brands lose revenue. These false declines result in lost customers, damaged reputation and lower revenue.

Typosquatting goes by many names: URL hijacking, domain mimicry and domain typo-squatting, to name a few. However, they all mean the same thing: malicious attackers register domain names similar to popular websites but with common typos and variations. Typosquatting aims to trick users who mistype the legitimate URL into visiting and using the fraudulent site. It is a widespread practice.

Authentication and authorization are two processes that play a significant role in any web application. These concepts ensure that only trusted individuals are granted access to the resources of the application. Plus, with all the web applications and services we use regularly, it is increasingly difficult to manage credentials for multiple user accounts. SAML technology provides a means for securely logging into multiple applications using a single set of credentials.

The market for Software-as-a-Service (SaaS) applications, or apps, was valued at $186B in 2022, and expected to grow to $700B by 2030, a CAGR of 18%. As organizations adopt more SaaS apps for business-critical operations, they expose sensitive data across an ever larger and more diversified variety of egress points in the cloud. And as attackers tend to follow the data, they are targeting SaaS apps like never before.

Welcome to our technical blog, where we’ll be diving into the world of Graylog and how you can secure your Graylog Server with Transport Layer Security (TLS). As an admin or a tech-savvy user, you know the importance of protecting your Graylog Server and the logs it manages from unauthorized access.

In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

Kubernetes, and containerization in general, has a wealth of benefits for many teams operating cloud-native applications. From a threat detection standpoint, however, it is often difficult for newcomers to this space to gain the relevant hands-on experience without trampling over production environments. The Sumo Logic team has previously authored articles on Kubernetes DevSecOps vulnerabilities and best practices as well as Kubernetes logging and monitoring.

POV: an important prospect requires all of their partners to get a SOC 2 audit. You’ve just met with your auditing firm and you’ve been tasked with evidence collection, which sounds like tracking down a lot of people and documents. No one can tell you when the RFP knowledge base was last updated. The sales team is asking how long it will take, and can it go faster? You sit back and wonder the same thing: is it possible, and if so, how?

The Cybersecurity and Infrastructure Security Agency (CISA) shared the findings of an investigation by numerous cybersecurity agencies worldwide on May 9th, exposing the malicious cyberespionage operations carried out by the Russian FSB utilizing the “Snake” malware. The US-CERT Alert (AA23-129A) Hunting Russian Intelligence “Snake” Malware provided information about this investigation and takedown (along with attacker TTPs and IOCs).