Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

As we approach the new year, many organisations will be working out how to prioritize cybersecurity budgets in 2022. However, with the threat landscape evolving so quickly, what may have offered sufficient protection last year, might no longer be viable. This means security leaders will need to complete an evaluation of their organisation’s security posture.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Social engineering attacks are really common, perhaps due to customer service staff being constantly told to present a helpful persona, especially in these tough times where customer retention is important. Vigilance and process are your best friends here.

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. Configuration management is a form of IT service management (ITSM) as defined by ITIL that ensures the configuration of system resources, computer systems, servers and other assets are known, good and trusted. It's sometimes referred to as IT automation.

Effective cyber security management requires a careful combination of technology, intelligence and expertise. A Security Operations Centre (SOC) is an effective way to strike this balance, providing the full capabilities needed to detect and respond to threats, 24/7/365.

Over the past few years enterprises and industry leaders have been steadily adopting microservices to drive their business forward. At this point, companies like Amazon, and Google, to name a few, must agree that the microservices style of architecture is much more than a passing trend. Along with the many benefits of updating monolith systems to microservices architecture, there are also new security challenges that organizations need to address.

A sudden surge in acceptance of digital onboarding was observed during 2020.This new reality makes the onboarding of new customers a riskier affair. Over 90% of customers think that companies “could do better” when it comes to onboarding new customers. Either enterprises must collect a lot of information to ensure that onboarding customer is authentic which leads to high dropouts or by collecting less information to maintain user experience they jeopardize their security.

Ransomware is a serious security threat affecting companies of all sizes and industries. While the symptoms (an attack) can be extremely damaging and disruptive, the solution can be simple - proactive prevention through a heavy dose of security hygiene. Here we cover the basics of Ransomware and top tips for securing your organization against it.

We asked our Head of Pen Testing, Jed Kafetz, to outline some of the key benefits of and trends in pen testing and share some tips on how to get into it as a career.