What It Means to be Threat Informed
CISO Global's Chief Technology Officer Jerry Dawkins talks about being threat informed in today's cyber landscape.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How Investing in Security Testing Can Save You Money and Reputation | Megan Brown
Megan Brown, the Head of International Sales at LogicGate, explains how investing in security testing can have a positive impact on your organization’s cyber risk, legal and compliance issues. She talks about how security testing can help you get better rates and coverage from your cyber insurance providers, as well as meet the expectations of your customers. She also discusses the changing standards of security testing and why you need to go beyond just showing your SOC 2 or ISO certifications. Watch this video to learn more about how investing in security testing can benefit your organization in multiple ways.
NetSPI Finds a Power Platform Vulnerability. 4 Things to Do About It
Recent research from penetration testing company NetSPI found that Azure on-premises data gateways allow Power Platform and Power BI to access customer resources and databases. Threat researchers found that these gateways can communicate with Power Platform through an Azure service called Azure Relay (previously known as Azure Service Bus).
Securing the Internet of Things: Understanding the Basics of IoT Security
The Internet of Things (IoT) is a network of interconnected physical objects that are embedded with different kinds of technology, such as sensors, processors, transceivers, or actuators. This technology allows IoT devices to collect and exchange data with each other over the internet or through dedicated wireless networks, enabling them to interact with the physical world in various ways. As the number of IoT devices continues to grow, so too does the need for proper security measures.
The 3CX Supply Chain Attack - Exploiting an Ancient Vulnerability
Supply chain attacks are one of the top concerns for any organization as they exploit (no pun intended) the inherited trust between organizations. Recent examples of similar attacks include SolarWinds and Kaseya. On March 29th, a new supply chain attack was identified targeting 3CX, a VoIP IPXS developer, with North Korean nation-state actors as the likely perpetrators.
Featured Post
A First Look at the Updated OWASP API Security Top 10
As the pioneer in API security, Salt Security worked closely with the Open Web Application Security Project (OWASP) to help identify, define, and educate the security community about API security threats. In fact, Salt was a key contributor to the original OWASP API Security Top 10 list, released in 2019. The OWASP API Security Top 10 list has had a tremendous impact on the industry, increasing awareness and educating organizations on the fastest-growing API security threats. Given the significance of this list, Salt has been actively involved in the foundation's updated 2023 mapping. We are thrilled to see the publication of the initial release candidate.
Developer Roll Up: March 2023
Spring is in the air and the team at LimaCharlie continues on its quest to change the way that cybersecurity tools and supporting infrastructure are delivered. Join us for this month’s live webinar where Matt Bromiley, our Lead Solutions engineer, will be discussing LimaCharlie's detection and response capabilities. In this live webinar, we will look at: This is part two of a multi-part education series (part 1 here), where we look at different ways to utilize the LimaCharlie platform.
The Snyk Perpetual Key Rotation Machine
At Snyk, we think of developers as citizens of a special community. In that community, your collection of apps is your neighborhood — and your code is your home base; your house. How do you secure a house? With a lock! And how do you make sure no one else can unlock that lock? You keep the key! That’s security ideation at its finest: keys. Just ask Vinz Clortho, Keymaster of Gozer.
How Continuous Monitoring is Changing the Security Testing Landscape | Megan Brown
Megan Brown, the Head of International Sales at LogicGate, shares her insights on the emerging trend of continuous monitoring in the security testing space. She talks about how small startups are creating SaaS platforms that use AI and API connections to provide always-on testing for organizations. She also discusses the benefits and challenges of this approach and why she is curious to see how it evolves. Watch this video to learn more about how continuous monitoring is transforming the way we do security testing.
Discovering the Gems of AboutInfoSec: A Cybersecurity Expert's Perspective
Are you a cybersecurity enthusiast or a professional looking for the latest news, insights, and updates on the ever-evolving world of digital security? If so, AboutInfoSec might just be the website you've been looking for. As a cybersecurity expert with over seven years of experience, I've come across my fair share of online resources, but few have impressed me as much as AboutInfoSec. In this article, I'll share some of the most useful and interesting things I've found on this website.