How to Set Yourself Up for Real XDR Success
Extended detection and response (XDR) is all the rage these days. It seems like almost every security vendor now claims to offer XDR functionality. But are those claims based in reality?
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How CrowdStrike Protects Customers from Threats Delivered via Log4Shell
Recent CrowdStrike Intelligence team findings regarding the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerabilities indicate wide-ranging impact. CrowdStrike helps protect customers from threats delivered via this vulnerability using both machine learning and indicators of attack (IOAs).
CVE-2021-45046: New Log4j Vulnerability Discovered
Shortly after the Apache Software Foundation (ASF) released the bug fix for the vulnerability known as Log4Shell or LogJam (CVE-2021-44228), a new vulnerability was discovered in Log4j Java-based logging library, tracked as CVE-2021-45046. While Log4Shell had the maximum CVSS score of 10, this new vulnerability is rated as 3.7, affecting all versions of Log4j between 2.0-beta9 and 2.12.1, as well as between 2.13.0 and 2.15.0.
Introducing Teleport Access Plane for Linux and Windows Hosts
We are excited to welcome Windows hosts to the Teleport Access Plane. For the past 5 years we’ve helped refine our Access Plane for Linux hosts, providing short-lived certificate-based access, RBAC and developer-friendly access to resources. As we’ve rolled Teleport to larger organizations, we found that people wanted the same convenience and security of Teleport but for Windows hosts.
From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation
Editor's Note: As leader of our customer success team, Yadhu works directly with our users and their leadership to solve real-world technology problems. This blog is the first of a new series featuring how our customers are using the Forward Enterprise platform to deliver business value. Enterprise IT teams around the world are frustratingly familiar with the process of vendor contract reconciliation, the annual process of ensuring that the support contracts for devices in the network are accurate.
Ensure 'Store passwords using reversible encryption' is set to 'Disabled'
Password storage and encryption are an essential part of your password policy. Reversible encryption is known for being vulnerable to attacks. Therefore, it is crucial to map its usage and try to avoid it as much as possible.
Ugly Sweaters, Season's Greetings, and Cybersecurity Advice - Millennium Homes
This year’s housing market has real estate agents at Millennium Reality traveling from location to location. Using WatchGuard’s AuthPoint provides secure means to verifying their identities no matter where they are.
The SANS Holiday Hack Challenge 2021 - An Interview with Ed Skoudis
For the past three years, Splunk has contributed an objective to the SANS Holiday Hack Challenge. In this interview, Splunk’s Dave Herrald sits down (virtually) with Ed Skoudis of SANS to discuss the Holiday Hack Challenge, Splunk’s involvement, and stories of CTFs gone by.
Practice vs Maturity in CMMC 2.0 Framework
When CMMC was first introduced by the DoD, its purpose was to “normalize and standardized cybersecurity preparedness across the federal government’s Defense Industrial Base or DIB.” Essentially, they recognized a weakness in cybersecurity hygiene practices in their supply chain, and so CMMC became the standard the DIB would be “graded” by to ensure the protection of sensitive or Controlled Unclassified Information (CUI).
58% of Orgs Are Using a Vulnerable Version of Log4j
On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because if it’s successfully exploited, attackers are able to perform a RCE (Remote Code Execution) attack and compromise the affected server. Since we are a cloud-based Software Composition Analysis (SCA) provider, we have useful customer data that gives insight into the scope of the Log4j vulnerability.