Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

How Egnyte and Microsoft Tackle Content Governance for Teams

I sometimes wish someone with gravitas had said, “There is no content without security.” That would have looked good coming from Churchill or Lincoln. But their lack of foresight about content services doesn’t diminish a very important fact, one that carries its own brand of import: the importance of security and governance for a company’s critical data.

Bot Detection - Tips to secure your payment ecosystem from account takeover attacks

With an estimated 37.9% of all internet traffic attributed to bots, and bad bots accounting for more than 50% of that, retailers and financial organizations are struggling to defend against a constant barrage of account takeovers, credential stuffing, card cracking attacks and fake account creation.

SCADA Cybersecurity Framework

SCADA stands for Supervisory Control and Data Acquisition. It is a control system architecture that comprises computer systems, networked data communications, and Graphical User Interface (GUI) for a high-level process supervisory management. In addition, SCADA also incorporates other peripheral devices such as discrete Proportional Integral Derivative (PID) and Programmable Logic Controllers (PLC) to interface with process machinery or plant.

Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials

Amazon Web Services provides its users with the ability to create temporary credentials via the use of AWS Security Token Service (AWS STS). These temporary credentials work pretty much in the same manner like permanent credentials created from AWS IAM Service. There are however two differences.

How Working Remote May Have Helped Twitter's Hackers

The takeover of high profile Twitter profiles last month on July 15 made headlines when public figures like former President Barack Obama, Jeff Bezos, and Elon Musk began announcing that they wanted to “give back” to the community. But instead of making a donation to a COVID-related charity or something similar, they were promising that if people would send them Bitcoin, then they would return twice as much as they were given.

Remote Code Execution in a Popular Chat App: Easy as Sending a File

Zalo is a chat application on the rise and exceedingly popular in South-East Asia with a user base of over 100 million. In a number of countries, including Vietnam and Myanmar, the application rivals WhatsApp and Facebook Messenger as the most popular chat application. Zalo’s functionality continues to expand with Zalo Pay and Zalo Shop emerging among many new features on the burgeoning super app.

Introducing Datadog Compliance Monitoring

Governance, risk, and compliance (GRC) are major inhibitors for organizations moving to the cloud—and for good reason. Cloud environments are complex, and even a single misconfigured security group can result in a serious data breach. In fact, asset misconfigurations were the leading cause of cloud security breaches in 2019. This puts a lot of pressure on developer and operations teams to properly secure their services and maintain regulatory compliance.

New ESG Survey Report: Modern Application Development Security

As organizations continue to adopt DevSecOps, a methodology that shifts security measures to the beginning of the software development lifecycle (SDLC), roles and processes are evolving. Developers are expected to take on increased security measures – such as application security (AppSec) scans, flaw remediation, and secure coding – and security professionals are expected to take on more of a security oversight role.

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected devices.

Cyber Security Approach for SMEs

I was asked the following recently in an interview for the Irish tech online magazine 'Silicon Republic’; How can companies make sure they are spending on cyber security in the right way? I thought it was a great question. In the article, I answered in general, however it got me thinking on elaborating on this with the particular focus for SMEs, who especially at this time are feeling the pinch of the revenues lost by COVID-19.