Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the ever-changing world of technology, staying secure is a top priority for many organizations. Identifying and documenting system boundaries is essential for keeping data safe and secure, but what does this mean? In this article, we’ll explore system boundaries, how to identify them, and how to generate system boundary diagrams. By the end of this guide, you’ll be well-versed in understanding system boundaries and creating diagrams that can help keep your information secure!

The team at LimaCharlie continues down the path of changing the way cybersecurity tools and supporting infrastructure are delivered. Details about what has been happening for the month of May, and what is coming up, can be found below. As always, if you have any questions or concerns, please do not hesitate to contact us.

One often-overlooked risk in the bustling ecosystem of open-source software are vulnerabilities introduced through software dependencies. We mention this because today, a malicious actor took over a RubyGems package name with more than two million downloads. Mend.io technology detected the package before it could be used for an attack, but the case of ‘gemnasium-gitlab-service‘ serves as an important reminder of the risk of neglecting dependency management.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

Most malware security researchers encounter in the wild is written in C or C++. These languages provide low-level system access and control, plus performance, allowing threat actors to create highly efficient and stealthy code. But that doesn’t mean cybercriminals are limited to those two languages. SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT remote access trojan (RAT).

In the past five years, Enterprise Attack Surfaces (EAS) have evolved significantly. EAS refer to the various entry points that cybercriminals can exploit to gain unauthorized access to an organization's digital assets. With the increasing use of cloud-based services, the proliferation of connected devices and the growing reliance on third-party vendors, attack surfaces have become broader, more numerous and more complex.

Amazon Security Lake is a new service from Amazon Web Services (AWS) that is designed to help organizations improve their security posture by automating the collection, normalization, and consolidation of security-related log and event data from integrated AWS services and third-party services (Source Partners). By centralizing all the security data in a single location, organizations can gain greater visibility and identify potential threats more quickly.