Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

How are scalping bots threatening your businesses?

Scalper bots, or inventory hoarding bots, are used to disrupt, manipulate, and steal merchandise much faster than any human can. These malicious bots add products to carts, often products that are in high demand or limited supply. This stock is held in a basket and made unavailable to other prospective buyers. Scalper bots perform this process multiple times, causing significant problems for websites and retailers, by hijacking inventory and reselling the items at a higher price.

Synopsys' Seeker IAST wins Best Cloud and Web Application Security category at CybersecAsia Awards

Synopsys is proud to announce that Seeker® IAST won the CybersecAsia 2020 award for Best Cloud and Web Application Security. This award underscores Seeker’s position as an industry leader in functionality and capability, offering best-in-class detection, tracking, and monitoring of sensitive data leakages for today’s modern and complex web, mobile, and cloud-based applications.

Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

What is threat modeling?

A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that can not only be applied to computer security, but also to ordinary people in our everyday lives.

CMMC compliance explained: what is the Cybersecurity Maturity Model Certification?

With an escalating cybersecurity threat risk that doesn’t appear to be slowing down, the Department of Defense (DoD) has taken proactive measures in creating the Cybersecurity Maturity Model Certification (CMMC). The CMMC will soon be a requirement for any defense contractors or other vendors that are, or wish to be, working with the DoD .

Be Wise - Prioritize: Taking Application Security To the Next Level

As the number of known vulnerabilities continues to grow every year, software development and application security teams are increasingly relying on vulnerability detection tools throughout development. The result: teams are often overwhelmed with a steady stream of security alerts that must be addressed, and it’s becoming clear that it’s impossible to attempt to fix everything.

Enhancing Observability in DevSecOps

Digital transformation often accelerates innovation at the expense of creating an intelligence gap with massive amounts of unanalyzed data. This is where Continuous Intelligence comes into play. Join Sumo Logic’s Systems Engineer, Suresh Govindachetty, as he demonstrates how Continuous Intelligence helps find and solve information gaps, and how a single platform approach allows organisations to combine devs, operations, and security in ways that ease the burden for all teams across the organisation.

How to Set Up Kubernetes SSO with SAML

Kubernetes has some impressive baked-in role based access controls (RBAC). These controls allow administrators to define nuanced permissions when querying Kubernetes resources, like Pods, Deployments, ReplicaSets, etc. For those familiar with Kubernetes, the value of RBAC is immediately recognizable. A single Kubernetes cluster can contain your organization’s entire CI/CD pipeline, highly available SaaS products, or infrastructure that is in the process of being moved to the cloud.

Barnes & Noble warns customers it has been hacked, customer data may have been accessed

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October 10th.