%term

I can use VS Code to hack into your development environment

Jun 8, 2021 By Snyk In Snyk

We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.

View Video

Snyk

Read more about I can use VS Code to hack into your development environment

JBS Ransomware Attack Started in March and Much Larger in Scope than Previously Identified

Jun 8, 2021 By Ryan Sherstobitoff In SecurityScorecard

SecurityScorecard also found that 1 in 5 of the world’s food processing, production, and distribution companies rated have a known vulnerability in their exposed Internet assets

Read Post

SecurityScorecard

Read more about JBS Ransomware Attack Started in March and Much Larger in Scope than Previously Identified

See how to Amplify your SIEM by Integrating with the ThreatQ Platform

Jun 8, 2021 By Liz Bush In ThreatQuotient

SIEMs have been around for decades, designed to replace manual log correlation to identify suspicious network activity by normalizing alerts across multiple technology vendors. SIEMs correlate massive amounts of data from the sensor grid (your internal security solutions, mission-critical applications and IT infrastructure). As organizations are looking at ways to mine through SIEM data to find threats and breaches, they are bringing in threat intelligence feeds to help.

Read Post

ThreatQuotient

Read more about See how to Amplify your SIEM by Integrating with the ThreatQ Platform

Teleport Terraform Provider

Jun 8, 2021 By Teleport In Teleport

Docs: https://goteleport.com/docs/setup/guides/terraform-provider/

View Video

Teleport

Read more about Teleport Terraform Provider

Ensure Cloud Security With These Key Metrics

Jun 8, 2021 By Mike Mackrory In Sumo Logic

Over the past decade, the way we build and deploy applications has changed dramatically. The explosion of public cloud providers enables us to deploy software without engaging in a drawn-out process to procure and set up infrastructure. Agile, DevOps, Continuous Integration, Continuous Deployment, and other changes to how we work have dramatically accelerated the speed with which we can get new applications and updates in front of our users.

Read Post

Sumo Logic

Read more about Ensure Cloud Security With These Key Metrics

Operationalizing IP Allow Lists for Cloud Environments

Jun 8, 2021 By Jenko Hwong In Netskope

If applying IP allow lists to the cloud excites you as much Another One Bites the Dust on volume 11, read on. In this blog, I’ll discuss some considerations regarding operationalizing, automating, and increasing the efficacy of IP allow lists in your cloud infrastructure. Although this discussion will be in the context of cloud infrastructure providers such as AWS, GCP, and Azure, it should also be applicable to other cloud infrastructure and application environments.

Read Post

Netskope

Read more about Operationalizing IP Allow Lists for Cloud Environments

Cloud Threats Memo: RDP Misconfigurations and Initial Access Brokers

Jun 8, 2021 By Paolo Passeri In Netskope

A recent study by Sophos has added more fuel to the RDP fire, confirming that the exploitation of this service, when not adequately protected, remains one of the preferred techniques to compromise an organization. Not only has the exposure of RDP servers, driven by the pandemic, led to an exponential increase of brute-force attacks against this service, but it has also encouraged a flourishing market of initial access brokers.

Read Post