Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

NSA list: what you need to know about the top vulnerabilities currently targeted by Chinese hackers Part 1

This week NSA published a list of the top 25 vulnerabilities that Chinese hackers are actively exploiting, and unsurprisingly the list included some of the most prominent CVEs that we’ve covered in our previous risk based vulnerability management blogs.

ContainerDrip - Another Example of Why HTTP Basic Authentication is Flawed

The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157)and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint where this request contains the container image registry secret.

The evolution of bots: generations 1, 2 & 3

Bots are evolving dramatically and becoming more sophisticated and launching ever more complex and targeted attacks at ever increasing rates. This makes detecting bots more important than ever but also more difficult than ever. Bots of the more recent generations are harder to identify without expert bot detection tooling. These bots could put businesses at risk of exposure to threats such as scraping, carding, and credential stuffing.

Sophisticated phishing

Most of us can think of a time when we received a phishing email. In fact, most phishing emails are easy to identify, and automatically go to spam. However, in this ongoing pandemic, hackers are adopting advanced tactics that cleverly conceal their malicious intentions, and fly under the radar by leveraging the victim’s fear, anxiety, or plain negligence.

Track open source security exposure with Snyk and Datadog

Using open source code makes it easier to build applications, but the freely available nature of open source code introduces the risk of pulling potential security vulnerabilities into your environment. Knowing whether or not customers are actually accessing the vulnerable parts of your application is key to triaging security threats without spending hours fixing an issue that doesn’t affect end users.

Internet of Things toys are fun but raise privacy and socio-political concerns

An estimated 38 billion devices are connected to the internet this year, highlighting the fact that the Internet of Things (IoT) is not a farfetched futuristic concept, but the reality for most of the modern world. Many of these connected devices are toys that children enjoy, but no matter how fun they may be, challenges have come to the surface due to privacy concerns and socio-political issues pertaining to gender-neutral toys.

Application Security Decoded: What It Means For IoT Devices, Security & Privacy | Synopsys

In our new video series, “AppSec Decoded,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre (CyRC), sat down with Laurie Carr, blog managing editor at Synopsys, to discuss the future of IoT devices and what it means for security and privacy.

More Effective Security Awareness: 3 Tips for NCSAM

It’s often said that humans are the weakest link in cybersecurity. Indeed, I’d have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer that is unused has no purpose. It behooves security practitioners to get smarter about how we teach people to use those machines so that both humans and computers can work together to safely accomplish greater things.

How to Comply with the NIST Cybersecurity Framework

Since NIST Cybersecurity Framework is the best solution for better prevention, detection, and response to cybersecurity incidents, various organizations have adopted it to safeguard their IT assets. The 2019 SANS OT/ICS Cybersecurity Survey spells out the NIST CSF as the number one cybersecurity framework in use today. However, it is imperative to consider that how should we comply with NIST CSF in 2020 and beyond? Here is some help!