Panel: Access at Scale
Moderated by Ben Arent, DevRel Manager at Teleport. Panelists: Joseph Conti, Production Engineer at Jump Trading Group; Chris Spann, Production Engineer.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
What Is MAS TRM?
All financial institutions operating in Singapore are required to comply with the MAS TRM guidelines in order to operate legally. In order to ensure the safety of their operations, customers, as well as the wider financial system, financial institutions are required to conduct regular risk assessments and implement appropriate risk management measures.
Democratized Breach Damage: The Economics Behind Ransomware
In this video, we explore the economics behind ransomware and how it has been democratized through the use of cryptocurrencies like Bitcoin. While the recent breach affecting multiple companies is concerning, the real interesting aspect is the commercial, professional cybercrime as a service economy that has emerged as a result. We discuss how the ability to monetize ransomware has led to its rise and how alternative forms of payment like Amazon vouchers were previously used before the widespread adoption of cryptocurrencies. It's not just about the technology aspect - the economics behind ransomware are equally fascinating.
The Big Fix. OWASP TOP 10 Snyk Learn Path (Cryptography & Outdated Components)
OWASP stands for Open Web Application Security Project. This non-profit foundation works to improve software security. They have published a top 10 list that acts as an awareness document for developers. It represents a broad consensus about the most critical security risks. Our goal at Snyk Learn is to educate developers and one way we do that is by covering the OWASP top 10 list.
What is Slowloris DDoS Attack and How Does it Work?
Slowloris is a type of DDoS (Distributed Denial of Service) attack that exploits web servers to handle incoming connections. In a Slowloris attack, the attacker sends many HTTP requests to the target web server, but unlike a regular DDoS attack, the requests are sent slowly over a long period of time. The attack sends incomplete HTTP requests to keep the connections open for as long as possible. The attacker then mimics this pattern by sending many incomplete requests to the server.
7 Battle-Tested Tips for Using a DAST Scanner
While modern web applications are growing in complexity, the threat landscape is also constantly evolving. It can be difficult for developers to identify and remediate vulnerabilities in their code, especially if they need more expertise in security. As a result, manual application security testing has become ever more challenging and intricate.
Why You Shouldn't Turn Off 2FA
You shouldn’t turn off your Two-Factor Authentication (2FA) because it removes the extra layer of security it adds to your account, making it easier for cybercriminals to compromise it. Keep on reading to learn why 2FA should be left enabled for your online accounts and why it should be added to your accounts if it isn’t already.
Cybersecurity Insights from The World Economic Forum in Davos: Part II
On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.
Secure your Kubernetes clusters with the Kubescape Docker extension
Container adoption in enterprises continues to grow, and Kubernetes has become the de facto standard for deploying and operating containerized applications. At the same time, security is shifting left and should be addressed earlier in the software development lifecycle (SDLC). Security has morphed from being a static gateway at the end of the development process to something that (ideally) is embedded every step of the way. This can potentially increase the effort for engineering and DevOps teams.
Fortinet Patches Critical RCE Vulnerabilities in FortiNAC and FortiWeb
On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities were discovered by Fortinet’s Product Security team.