Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Managed security service provider (MSSP): Everything you need to know

The security and compliance landscape is ever-evolving, meaning the demands organizations need to meet today can change rapidly. While most IT teams have defined processes to handle these requirements, they may not have the capacity to address all the tasks necessary to maintain the organization’s security posture. ‍ If your organization has encountered a similar situation before, appointing a managed security service provider (MSSP) can be a solution.

Sysdig 2024 Global Threat Report

We know that cloud attacks happen very quickly. Our 2024 global threat year-in-review, the third annual threat report from the Sysdig Threat Research Team (TRT), revisits the team’s hottest findings from the last 12 months and explores how they relate to the broader cyber threat landscape. This year’s report also includes informed predictions about 2025’s security outlook and potential trends.

Alternative to Apple Cloud Storage: Finding the Best Option for Privacy

Last year, Apple sold 234.6 million iPhones, knocking Samsung off the top spot as the most-sold mobile device since 2010. Each Apple device sold has a default Apple cloud storage plan, iCloud, which offers 5GB of free storage as standard for iPhones, iPads, Macbooks, and iMacs. As Apple's default cloud storage, many may wonder if it is right for them based on needs such as file sharing, backups, accessibility, storage size, security, and privacy.

Update: Broadcom Releases Fix for Incomplete Patch of Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation (CVE-2024-38812)

On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the initial patch from September did not fully resolve the issue. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to RCE.

Web Application Security for DevOps: Site and Origin Dynamics and Cross-Site Request Forgery

This is a continuation of the series on web application security. If you haven't already read through part 1, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: how do browsers know which site set the cookies in the first place? And what constitutes the same site?

Attributes and Types of Security Testing

Security testing aims to find vulnerabilities and security weaknesses in the software/ application. By subjecting the software or application to controlled security scenarios, cyber security testing ensures that the system is adequately prepared to withstand attacks and unforeseen failures. Security experts and testers use different types of security testing to identify potential threats, measure the probability of exploitation of vulnerabilities, and gauge the overall risks facing the software/ app.

Top 10 Static Application Security Testing (SAST) Tools in 2025

Imagine you’re all prepared to roll out your latest feature, and suddenly, right before launch, you discover a security vulnerability concealed in your code. Depending on the severity, developers can spend anywhere from 7 hours to days or even months finding and fixing these vulnerabilities. A critical vulnerability could set your release back by weeks, while a simple fix might take a day.

Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails

Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In this blog, we will showcase the different spam techniques used in these phishing emails.

Creative Approaches to Keeping Cybersecurity Awareness Engaging

In this recorded session, we explore innovative methods to make cybersecurity awareness both effective and engaging. Learn how to incorporate interactive training, gamification, real-world scenarios, and creative communication strategies to keep your team informed and vigilant against potential cyber threats. These fresh approaches will help foster a strong culture of security within your organization while keeping employees motivated and actively involved in maintaining cybersecurity.